skip to main content


Title: Spidey Sense: Designing Wrist-Mounted Affective Haptics for Communicating Cybersecurity Warnings
Improving end-users’ awareness of cybersecurity warnings (e.g., phishing and malware alerts) remains a longstanding problem in usable security. Prior work suggests two key weaknesses with existing warnings: they are primarily communicated via saturated communication channels (e.g., visual, auditory, and vibrotactile); and, they are communicated rationally, not viscerally. We hypothesized that wrist-based affective haptics should address both of these weaknesses in a form-factor that is practically deployable: i.e., as a replaceable wristband compatible with modern smartwatches like the Apple Watch. To that end, we designed and implemented Spidey Sense, a wristband that produces customizable squeezing sensations to alert users to urgent cybersecurity warnings. To evaluate Spidey Sense, we applied a three-phased ‘Gen-Rank-Verify’ study methodology with 48 participants. We found evidence that, relative to vibrotactile alerts, Spidey Sense was considered more appropriate for the task of alerting people to cybersecurity warnings.  more » « less
Award ID(s):
2029519
NSF-PAR ID:
10280815
Author(s) / Creator(s):
; ; ; ;
Date Published:
Journal Name:
Designing Interactive Systems Conference 2021 (DIS ’21)
Page Range / eLocation ID:
125 to 137
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. Adherence to security warnings continues to be an important problem in information security. Although users may fail to heed a security warning for a variety of reasons, a major contributor is habituation, which is decreased response to repeated stimulation. However, the scope of this problem may actually be much broader than previously thought because of the neurobiological phenomenon of generalization. Whereas habituation describes a diminished response with repetitions of the same stimulus, generalization occurs when habituation to one stimulus carries over to other novel stimuli that are similar in appearance. Generalization has important implications for the domains of usable security and human–computer interaction. Because a basic principle of user interface design is visual consistency, generalization suggests that through exposure to frequent non-security-related notifications (e.g., dialogs, alerts, confirmations, etc.) that share a similar look and feel, users may become deeply habituated to critical security warnings that they have never seen before. Further, with the increasing number of notifications in our lives across a range of mobile, Internet of Things, and computing devices, the accumulated effect of generalization may be substantial. However, this problem has not been empirically examined before. This paper contributes by measuring the impacts of generalization in terms of (1) diminished attention via mouse cursor tracking and (2) users’ ability to behaviorally adhere to security warnings. Through an online experiment, we find that: • Habituation to a frequent non-security-related notification does carry over to a one-time security warning. • Generalization of habituation is manifest both in (1) decreased attention to warnings and (2) lower warning adherence behavior. • The carry-over effect, most importantly, is due to generalization, and not fatigue. • The degree that generalization occurs depends on the similarity in look and feel between a notification and warning. These findings open new avenues of research and provide guidance to software developers for creating warnings that are more resistant to the effects of generalization of habituation, thereby improving users’ security warning adherence. 
    more » « less
  2. null (Ed.)
    The purpose of alerts and warnings is to provide necessary information to the public that will lead to their safety in emergencies. The nation’s alerting capabilities need to evolve and progress with the extensive use of smartphones, and newer technologies become available, especially to be more precisely targeted to sub-populations at risk. Historically, this has been a challenge as the delivery of alerts and warning messages to the public is primarily through broadcast media and signs. However, deploying such signs takes time and may not be visible to people imminent of natural hazards. Especially for road closing, marking hazards, emergency evacuation, etc., it would be beneficial to have an easy-to-deploy and automated alert/warning system that requires no line of sight. To this end, we have developed Insight – a Bluetooth beacon-based system that uses a smartphone application to sense signals from beacons marking hazard zones. The system does not require any Internet or communication infrastructure and therefore, it is resilient to breakdowns in communications during disasters. To demonstrate the feasibility of Insight, we conducted a study in an urban university campus location. The system demonstrated adequate usability and feasibility. 
    more » « less
  3. The Internet enables users to access vast resources, but it can also expose users to harmful cyber-attacks. It is imperative that users be informed about a security incident in a timely manner in order to make proper decisions. Visualization of security threats and warnings is one of the effective ways to inform users. However, visual cues are not always accessible to all users, and in particular, those with visual impairments. This late-breaking-work paper hypothesizes that the use of proper sounds in conjunction with visual cues can better represent security alerts to all users. Toward our research goal to validate this hypothesis, we first describe a methodology, referred to as sonification, to effectively design and develop auditory cyber-security threat indicators to warn users about cyber-attacks. Next, we present a case study, along with the results, of various types of usability testing conducted on a number of Internet users who are visually impaired. The presented concept can be viewed as a general framework for the creation and evaluation of human factor interactions with sounds in a cyber-space domain. The paper concludes with a discussion of future steps to enhance this work. 
    more » « less
  4. This study focuses on identifying the factors contributing to a sense of personal responsibility that could improve understanding of insecure cybersecurity behavior and guide research toward more effective messaging targeting non-adopting populations. Towards that, we ran a 2(account type)x2(usage scenario)x2(message type) between-group study with 237 United States adult participants on Amazon MTurk, and investigated how the non-adopting population allocates blame, and under what circumstances they blame the end user among the parties who hold responsibility: the software companies holding data, the attackers exposing data, and others. We find users primarily hold service providers accountable for breaches but they feel the same companies should not enforce stronger security policies on users. Results indicate that people do hold end users accountable for their behavior in the event of a breach, especially when the users’ behavior affects others. Implications of our findings in risk communication is discussed in the paper. 
    more » « less
  5. Earthquake early warning (EEW) systems are relatively new technologies having first emerged as regional systems in the 1990s. Japan was the first nation to develop and implement a nationwide system in October 2007, and in the United States, ShakeAlert®became available on the entire length of the US West Coast in May 2021. Assessing how EEW is perceived and utilized by alert recipients is considered essential. Such assessments are necessary to evaluate whether alert recipients are taking advantage of alert messages to initiate protective actions upon receipt of an alert, how they regard the usefulness of alerts, desirable thresholds for issuing alerts, and other aspects of these systems. Having information from users will also facilitate assessments of the success of earthquake preparedness educational programs such as the ShakeOut and whether annual drills which include information on EEW systems are resulting in behavioral response consistent with the content of these programs. Finally, information on EEW utilization will provide data useful to social scientists who study hazards to advance our understanding of behavioral response to warnings. Survey research in the aftermath of a significant earthquake in which an EEW has been issued is one obvious method of achieving these objectives and there already exist a number of survey instruments for this purpose. A related strategy and the goal of the present research is to develop a brief questionnaire, consistent with those already developed, as a supplement to the United States Geological Survey’s “Did You Feel It?” questionnaire that has provided earthquake intensities and information on behavioral response in earthquakes, both domestic and international, since 2004. Having the intensity level at each respondent’s location is essential for relating their perspectives and actions to the shaking they experienced.

     
    more » « less