"I'm Surprised So Much Is Connected"

Sven Hammann, Michael Crabb, Sasa Radomirovic, Ralf Sasse, David Basin

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

A person's online security setup is tied to the security of their individual accounts. Some accounts are particularly critical as they provide access to other online services. For example, an email account can be used for external account recovery or to assist with single-sign-on. The connections between accounts are specific to each user's setup and create unique security problems that are difficult to remedy by following generic security advice. In this paper, we develop a method to gather and analyze users' online accounts systematically. We demonstrate this in a user study with 20 participants and obtain detailed insights on how users' personal setup choices and behaviors affect their overall account security. We discuss concrete usability and privacy concerns that prevented our participants from improving their account security. Based on our findings, we provide recommendations for service providers and security experts to increase the adoption of security best practices.

Original languageEnglish
Title of host publicationCHI '22: CHI Conference on Human Factors in Computing Systems
PublisherAssociation for Computing Machinery
ISBN (Electronic)9781450391573
DOIs
Publication statusPublished - 29 Apr 2022
Event2022 CHI Conference on Human Factors in Computing Systems - Virtual, Online, United States
Duration: 30 Apr 20225 May 2022

Conference

Conference2022 CHI Conference on Human Factors in Computing Systems
Abbreviated titleCHI 2022
Country/TerritoryUnited States
CityVirtual, Online
Period30/04/225/05/22

Keywords

  • Account Graph
  • security setup
  • user interviews

ASJC Scopus subject areas

  • Human-Computer Interaction
  • Computer Graphics and Computer-Aided Design
  • Software

Fingerprint

Dive into the research topics of '"I'm Surprised So Much Is Connected"'. Together they form a unique fingerprint.

Cite this