Characterizing user behavior and anticipating its effects on computer security with a Security Behavior Observatory - April 2020

PI(s), Co-PI(s), Researchers:

Lorrie Cranor, Nicolas Christin

Researchers: Sarah Pearman, Jeremy Thomas

HARD PROBLEM(S) ADDRESSED
This refers to Hard Problems, released November 2012.

The Security Behavior Observatory addresses the hard problem of "Understanding and Accounting for Human Behavior" by collecting data directly from people's own home computers, thereby capturing people's computing behavior "in the wild". This data is the closest to the ground truth of the users' everyday security and privacy challenges that the research community has ever collected. We expect the insights discovered by analyzing this data will profoundly impact multiple research domains, including but not limited to behavioral sciences, computer security & privacy, economics, and human-computer interaction.

PUBLICATIONS

  • (How) Do people change their passwords after a breach? Sruti Bhagavatula, Lujo Bauer, and Apu Kapadia. To appear at Workshop on Technology and Consumer Protection (ConPro 2020). Also under review for Symposium on Usable Privacy and Security (SOUPS 2020).

PUBLIC ACCOMPLISHMENT HIGHLIGHTS

The purpose is to give our immediate sponsors a body of evidence that the funding they are providing is delivering results that "more than justify" the investment they are making.

We have been working on multiple papers examining user responses to breaches. One of these papers, which examines password behavior after password breaches, has been accepted and will appear at the ConPro 2020 workshop; it is also currently under review for SOUPS 2020. In this paper, we used the Security Behavior Observatory (SBO) dataset to examine specific password breaches and determine how often people actually change their passwords in the aftermath of a breach and how constructive these changes are.

The SBO addresses the hard problem of "Understanding and Accounting for Human Behavior" by collecting data directly from people's own home computers, thereby capturing people's computing behavior "in the wild". This data is the closest to the ground truth of the users' everyday security and privacy challenges that the research community has ever collected.

COMMUNITY ENGAGEMENTS

EDUCATIONAL ADVANCES (If Applicable)