skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: Spidey Sense: Designing Wrist-Mounted Affective Haptics for Communicating Cybersecurity Warnings
Improving end-users’ awareness of cybersecurity warnings (e.g., phishing and malware alerts) remains a longstanding problem in usable security. Prior work suggests two key weaknesses with existing warnings: they are primarily communicated via saturated communication channels (e.g., visual, auditory, and vibrotactile); and, they are communicated rationally, not viscerally. We hypothesized that wrist-based affective haptics should address both of these weaknesses in a form-factor that is practically deployable: i.e., as a replaceable wristband compatible with modern smartwatches like the Apple Watch. To that end, we designed and implemented Spidey Sense, a wristband that produces customizable squeezing sensations to alert users to urgent cybersecurity warnings. To evaluate Spidey Sense, we applied a three-phased ‘Gen-Rank-Verify’ study methodology with 48 participants. We found evidence that, relative to vibrotactile alerts, Spidey Sense was considered more appropriate for the task of alerting people to cybersecurity warnings.  more » « less
Award ID(s):
2029519
PAR ID:
10280815
Author(s) / Creator(s):
; ; ; ;
Date Published:
Journal Name:
Designing Interactive Systems Conference 2021 (DIS ’21)
Page Range / eLocation ID:
125 to 137
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. (, Symposium on Usable Privacy and Security (SOUPS))
    Adherence to security warnings continues to be an important problem in information security. Although users may fail to heed a security warning for a variety of reasons, a major contributor is habituation, which is decreased response to repeated stimulation. However, the scope of this problem may actually be much broader than previously thought because of the neurobiological phenomenon of generalization. Whereas habituation describes a diminished response with repetitions of the same stimulus, generalization occurs when habituation to one stimulus carries over to other novel stimuli that are similar in appearance. Generalization has important implications for the domains of usable security and human–computer interaction. Because a basic principle of user interface design is visual consistency, generalization suggests that through exposure to frequent non-security-related notifications (e.g., dialogs, alerts, confirmations, etc.) that share a similar look and feel, users may become deeply habituated to critical security warnings that they have never seen before. Further, with the increasing number of notifications in our lives across a range of mobile, Internet of Things, and computing devices, the accumulated effect of generalization may be substantial. However, this problem has not been empirically examined before. This paper contributes by measuring the impacts of generalization in terms of (1) diminished attention via mouse cursor tracking and (2) users’ ability to behaviorally adhere to security warnings. Through an online experiment, we find that: • Habituation to a frequent non-security-related notification does carry over to a one-time security warning. • Generalization of habituation is manifest both in (1) decreased attention to warnings and (2) lower warning adherence behavior. • The carry-over effect, most importantly, is due to generalization, and not fatigue. • The degree that generalization occurs depends on the similarity in look and feel between a notification and warning. These findings open new avenues of research and provide guidance to software developers for creating warnings that are more resistant to the effects of generalization of habituation, thereby improving users’ security warning adherence. 
    more » « less
  2. ; (, Proceedings of the Human Factors and Ergonomics Society Annual Meeting)
    Higher levels of driving automation make effective takeover requests critical. The wrist’s sensitivity to vibration makes wristband devices a potential carrier for sending these requests. However, the impacts of conveying takeover requests through directional vibrotactile patterns such as dynamic patterns (sequential stimuli occurring at different locations on the wrist) and static patterns (fixed stimuli at the same locations on the wrist) are unclear. Therefore, this study examined the effects of directional vibrotactile patterns on takeover performance among younger and older adults. Participants responded to four patterns (two dynamic, one static, and one baseline) in a simulated SAE Level 3 automated vehicle. Takeover performance was evaluated using reaction time and takeover time. The results show that the static and baseline patterns had shorter reaction and takeover times compared to the dynamic patterns. In addition, younger adults react faster to takeover requests compared to older adults. Findings provide important insights for the future design of human-machine interfaces via wristband devices for automated vehicles. 
    more » « less
  3. ; ; ; ; ; (, International Journal of Disaster Risk Reduction)
    On January 15, 2022, the Hunga-Tonga-Hunga-Ha'apai (Tonga) volcano erupted and triggered a tsunami forecasted to reach North America. This event provided a unique opportunity to investigate risk perception and communication among coastal emergency managers and emergency program coordinators (EMs). In response, this research explores 1) how risk can be communicated most effectively and 2) how risk perceptions associated with “distant” tsunami alerts and warnings affect EMs' willingness to issue emergency alerts. A purposive sample of coastal EMs (n = 21) in the U.S. Pacific Northwest participated in semi-structured interviews. Participants represented Tribal, county, state, and federal agencies in Washington, Oregon, and California. Interview transcripts were deductively coded and thematically analyzed. Participants perceived low risk from the Tonga tsunami but took precautionary measures and alerted the public. Participants described how their actions were driven by community characteristics and the anticipated reactions to messaging among residents. Many reported the need to balance notifying the public and avoiding the negative impacts of their messaging (e.g., “crying wolf,” panic, curiosity). The unique nature of the event led to identification of unanticipated facilitators and barriers to decision- making among participants. These findings can inform distant tsunami risk communication and preparedness for coastal communities. 
    more » « less
  4. ; ; ; ; ; (, IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC))
    This study focuses on identifying the factors contributing to a sense of personal responsibility that could improve understanding of insecure cybersecurity behavior and guide research toward more effective messaging targeting non-adopting populations. Towards that, we ran a 2(account type)x2(usage scenario)x2(message type) between-group study with 237 United States adult participants on Amazon MTurk, and investigated how the non-adopting population allocates blame, and under what circumstances they blame the end user among the parties who hold responsibility: the software companies holding data, the attackers exposing data, and others. We find users primarily hold service providers accountable for breaches but they feel the same companies should not enforce stronger security policies on users. Results indicate that people do hold end users accountable for their behavior in the event of a breach, especially when the users’ behavior affects others. Implications of our findings in risk communication is discussed in the paper. 
    more » « less
  5. ; ; (, 2021 IEEE 18th Annual Consumer Communications & Networking Conference (CCNC),)
    null (Ed.)
    The purpose of alerts and warnings is to provide necessary information to the public that will lead to their safety in emergencies. The nation’s alerting capabilities need to evolve and progress with the extensive use of smartphones, and newer technologies become available, especially to be more precisely targeted to sub-populations at risk. Historically, this has been a challenge as the delivery of alerts and warning messages to the public is primarily through broadcast media and signs. However, deploying such signs takes time and may not be visible to people imminent of natural hazards. Especially for road closing, marking hazards, emergency evacuation, etc., it would be beneficial to have an easy-to-deploy and automated alert/warning system that requires no line of sight. To this end, we have developed Insight – a Bluetooth beacon-based system that uses a smartphone application to sense signals from beacons marking hazard zones. The system does not require any Internet or communication infrastructure and therefore, it is resilient to breakdowns in communications during disasters. To demonstrate the feasibility of Insight, we conducted a study in an urban university campus location. The system demonstrated adequate usability and feasibility. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email