000000260 001__ 260
000000260 005__ 20130522141941.0
000000260 037__ $$aLERSSE-RefConfPaper-2011-005
000000260 100__ $$aAndreas Sotirakopoulos
000000260 245__ $$aOn the Challenges in Usable Security Lab Studies: Lessons Learned from Replicating a Study on SSL Warnings
000000260 260__ $$c2011-06-15
000000260 300__ $$amult. p
000000260 520__ $$aWe replicated and extended a 2008 study conducted at CMU that investigated the e effectiveness of SSL warnings. We adjusted the experimental design to mitigate some of the limitations of that prior study; adjustments include allowing participants to use their web browser of choice and recruiting a more representative user sample. However, during our study we observed a strong disparity between our participants actions during the laboratory tasks and their self-reported "would be" actions during similar tasks in every day computer practices. Our participants attributed this disparity to the laboratory environment and the security it offered.In this paper we discuss our results and how the introduced changes to the initial study design may have affected them.Also, we discuss the challenges of observing natural behavior in a study environment, as well as the challenges of replicating previous studies given the rapid changes in web technology. We also propose alternatives to traditional laboratory study methodologies that can be considered by the usable security research community when investigating research questions involving sensitive data where trust may influence behavior.
000000260 700__ $$aKirstie Hawkey
000000260 700__ $$aKonstantin Beznosov
000000260 8560_ $$fandreass@ece.ubc.ca
000000260 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/260/files/260.pdf$$yTransfer from CDS 0.99.7
000000260 909C4 $$pAndreas Sotirakopoulos, Kirstie Hawkey, and Konstantin Beznosov. On the Challenges in Usable Security Lab Studies: Lessons Learned from Replicating a Study on SSL Warnings. In Proceedings of Symposium on Usable Privacy and Security, July 2011
000000260 980__ $$aRefConfPaper