Katharina Pfeffer presented paper on Security Stories at SOUPS 2022
Katharina Pfeffer presented the paper “Replication: Stories as Informal Lessons about Security” from Katharina Pfeffer, Alexandra Mai, Edgar Weippl, Emilee Rader, and Katharina Krombholz at the Eighteenth Symposium on Usable Privacy and Security (SOUPS) taking place from August 7-9 in Boston.
Anecdotal stories about security threats told to non-experts by friends, peers, or the media have been shown to be important in forming mental models and secure behaviors. In 2012, Rader et al. conducted a survey (n=301) of security stories with a student sample to determine factors that influence security perceptions and behavior. We replicated this survey with a more diverse sample (n=299), including different age groups and educational backgrounds. We were able to confirm many of the original findings, providing further evidence that certain characteristics of stories increase the likelihood of learning and retelling. Moreover, we contribute new insights into how people learn from stories, such as that younger and higher educated people are less likely to change their thinking or be emotionally influenced by stories. We (re)discovered all of the threat themes found by Rader et al., suggesting that these threats have not been eliminated in the last decade, and found new ones such as ransomware and data breaches. Our findings help to improve the design of security advise and education for non-experts.
About the conference
SOUPS brings together an interdisciplinary group of researchers and practitioners in human-computer interaction, security, and privacy.