The Framework of Security-Enhancing Friction: How UX Can Help Users Behave More Securely

Verena Distler; Gabriele Lenzini; Carine Lallemand; Vincent Koenig

doi:10.1145/3442167.3442173

The Framework of Security-Enhancing Friction: How UX Can Help Users Behave More Securely

Verena Distler, Gabriele Lenzini, Carine Lallemand, Vincent Koenig

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

13 Citations (Scopus)

Abstract

A growing body of research in the usable privacy and security community addresses the question of how to best influence user behavior to reduce risk-taking. We propose to address this challenge by integrating the concept of user experience (UX) into empirical usable privacy and security studies that attempt to change risk-taking behavior. UX enables us to study the complex interplay between user-related, system-related and contextual factors and provides insights into the experiential aspects underlying behavior change, including negative experiences. We first compare and contrast existing security-enhancing interventions (e.g., nudges, warnings, fear appeals) through the lens of friction. We then build on these insights to argue that it can be desirable to design for moments of negative UX in security-critical situations. For this purpose, we introduce the novel concept of security-enhancing friction, friction that effectively reduces the occurrence of risk-taking behavior and ensures that the overall UX (after use) is not compromised. We illustrate how security-enhancing friction provides an actionable way to systematically integrate the concept of UX into empirical usable privacy and security studies for meeting both the objectives of secure behavior and of overall acceptable experience.

Original language	English
Title of host publication	New Security Paradigms Workshop, NSPW 2020 - Post-Proceedings
Publisher	Association for Computing Machinery, Inc
Pages	45-58
Number of pages	14
ISBN (Electronic)	9781450389952
DOIs	https://doi.org/10.1145/3442167.3442173
Publication status	Published - 26 Oct 2020
Event	2020 New Security Paradigms Workshop, NSPW 2020 - Virtual, Online, United States Duration: 26 Oct 2020 → 29 Oct 2020

Publication series

Name	ACM International Conference Proceeding Series

Conference

Conference	2020 New Security Paradigms Workshop, NSPW 2020
Country/Territory	United States
City	Virtual, Online
Period	26/10/20 → 29/10/20

Keywords

Friction Design.
Trust
Usable Security
User Experience

Access to Document

10.1145/3442167.3442173

Cite this

Distler, V., Lenzini, G., Lallemand, C., & Koenig, V. (2020). The Framework of Security-Enhancing Friction: How UX Can Help Users Behave More Securely. In New Security Paradigms Workshop, NSPW 2020 - Post-Proceedings (pp. 45-58). Article 3442173 (ACM International Conference Proceeding Series). Association for Computing Machinery, Inc. https://doi.org/10.1145/3442167.3442173

@inproceedings{77372580f45b4ef597abad1d7ef84991,

title = "The Framework of Security-Enhancing Friction: How UX Can Help Users Behave More Securely",

abstract = "A growing body of research in the usable privacy and security community addresses the question of how to best influence user behavior to reduce risk-taking. We propose to address this challenge by integrating the concept of user experience (UX) into empirical usable privacy and security studies that attempt to change risk-taking behavior. UX enables us to study the complex interplay between user-related, system-related and contextual factors and provides insights into the experiential aspects underlying behavior change, including negative experiences. We first compare and contrast existing security-enhancing interventions (e.g., nudges, warnings, fear appeals) through the lens of friction. We then build on these insights to argue that it can be desirable to design for moments of negative UX in security-critical situations. For this purpose, we introduce the novel concept of security-enhancing friction, friction that effectively reduces the occurrence of risk-taking behavior and ensures that the overall UX (after use) is not compromised. We illustrate how security-enhancing friction provides an actionable way to systematically integrate the concept of UX into empirical usable privacy and security studies for meeting both the objectives of secure behavior and of overall acceptable experience. ",

keywords = "Friction Design., Trust, Usable Security, User Experience",

author = "Verena Distler and Gabriele Lenzini and Carine Lallemand and Vincent Koenig",

year = "2020",

month = oct,

day = "26",

doi = "10.1145/3442167.3442173",

language = "English",

series = "ACM International Conference Proceeding Series",

publisher = "Association for Computing Machinery, Inc",

pages = "45--58",

booktitle = "New Security Paradigms Workshop, NSPW 2020 - Post-Proceedings",

address = "United States",

note = "2020 New Security Paradigms Workshop, NSPW 2020 ; Conference date: 26-10-2020 Through 29-10-2020",

}

Distler, V, Lenzini, G, Lallemand, C & Koenig, V 2020, The Framework of Security-Enhancing Friction: How UX Can Help Users Behave More Securely. in New Security Paradigms Workshop, NSPW 2020 - Post-Proceedings., 3442173, ACM International Conference Proceeding Series, Association for Computing Machinery, Inc, pp. 45-58, 2020 New Security Paradigms Workshop, NSPW 2020, Virtual, Online, United States, 26/10/20. https://doi.org/10.1145/3442167.3442173

The Framework of Security-Enhancing Friction: How UX Can Help Users Behave More Securely. / Distler, Verena; Lenzini, Gabriele; Lallemand, Carine et al.
New Security Paradigms Workshop, NSPW 2020 - Post-Proceedings. Association for Computing Machinery, Inc, 2020. p. 45-58 3442173 (ACM International Conference Proceeding Series).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - The Framework of Security-Enhancing Friction

T2 - 2020 New Security Paradigms Workshop, NSPW 2020

AU - Distler, Verena

AU - Lenzini, Gabriele

AU - Lallemand, Carine

AU - Koenig, Vincent

PY - 2020/10/26

Y1 - 2020/10/26

N2 - A growing body of research in the usable privacy and security community addresses the question of how to best influence user behavior to reduce risk-taking. We propose to address this challenge by integrating the concept of user experience (UX) into empirical usable privacy and security studies that attempt to change risk-taking behavior. UX enables us to study the complex interplay between user-related, system-related and contextual factors and provides insights into the experiential aspects underlying behavior change, including negative experiences. We first compare and contrast existing security-enhancing interventions (e.g., nudges, warnings, fear appeals) through the lens of friction. We then build on these insights to argue that it can be desirable to design for moments of negative UX in security-critical situations. For this purpose, we introduce the novel concept of security-enhancing friction, friction that effectively reduces the occurrence of risk-taking behavior and ensures that the overall UX (after use) is not compromised. We illustrate how security-enhancing friction provides an actionable way to systematically integrate the concept of UX into empirical usable privacy and security studies for meeting both the objectives of secure behavior and of overall acceptable experience.

AB - A growing body of research in the usable privacy and security community addresses the question of how to best influence user behavior to reduce risk-taking. We propose to address this challenge by integrating the concept of user experience (UX) into empirical usable privacy and security studies that attempt to change risk-taking behavior. UX enables us to study the complex interplay between user-related, system-related and contextual factors and provides insights into the experiential aspects underlying behavior change, including negative experiences. We first compare and contrast existing security-enhancing interventions (e.g., nudges, warnings, fear appeals) through the lens of friction. We then build on these insights to argue that it can be desirable to design for moments of negative UX in security-critical situations. For this purpose, we introduce the novel concept of security-enhancing friction, friction that effectively reduces the occurrence of risk-taking behavior and ensures that the overall UX (after use) is not compromised. We illustrate how security-enhancing friction provides an actionable way to systematically integrate the concept of UX into empirical usable privacy and security studies for meeting both the objectives of secure behavior and of overall acceptable experience.

KW - Friction Design.

KW - Trust

KW - Usable Security

KW - User Experience

UR - http://www.scopus.com/inward/record.url?scp=85100424573&partnerID=8YFLogxK

U2 - 10.1145/3442167.3442173

DO - 10.1145/3442167.3442173

M3 - Conference contribution

AN - SCOPUS:85100424573

T3 - ACM International Conference Proceeding Series

SP - 45

EP - 58

BT - New Security Paradigms Workshop, NSPW 2020 - Post-Proceedings

PB - Association for Computing Machinery, Inc

Y2 - 26 October 2020 through 29 October 2020

ER -

The Framework of Security-Enhancing Friction: How UX Can Help Users Behave More Securely

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this