Document Type
Article
Journal/Book Title/Conference
Information and Computer Security
Volume
32
Issue
3
Publisher
Emerald Publishing Limited
Publication Date
11-20-2023
Journal Article Version
Accepted Manuscript
First Page
282
Last Page
303
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial 4.0 License
Abstract
Purpose: Security and privacy-preserving tools (for brevity, we term them as ‘security tools’ in this paper, unless otherwise specified) are designed to protect the security and privacy of people in the digital environment. However, inappropriate use of these tools can lead to unexpected consequences that are preventable. Hence, it is significant to examine why users do not understand the security tools.
Methodology: We conducted a qualitative study with 40 participants in the USA to investigate the prevalent misconceptions of people regarding security tools, their perceptions of data access, and the corresponding impact on their usage behavior and data protection strategies.
Findings: While security vulnerabilities are often rooted in people’s Internet usage behavior, we examined user’s mental models of the Internet and unpacked how the misconceptions about security tools relate to those mental models.
Value: Based on our findings, we offer recommendations highlighting the design aspects of security tools that need careful attention from researchers and industry practitioners, to alleviate users’ misconceptions and provide them with accurate conceptual models towards the desired use of security tools.
Recommended Citation
Dumaru, P., Shrestha, A., Paudel, R., Haverkamp, C., McClain, M.B. and Al-Ameen, M.N. (2024), "“…I have my dad, sister, brother, and mom’s password”: unveiling users’ mental models of security and privacy-preserving tools", Information and Computer Security, Vol. 32 No. 3, pp. 282-303. https://doi.org/10.1108/ICS-04-2023-0047
