Abstract :
[en] A growing body of research in the usable privacy and security
community addresses the question of how to best influence user
behavior to reduce risk-taking.We propose to address this challenge
by integrating the concept of user experience (UX) into empirical
usable privacy and security studies that attempt to change risktaking
behavior. UX enables us to study the complex interplay
between user-related, system-related and contextual factors and
provides insights into the experiential aspects underlying behavior
change, including negative experiences.
We first compare and contrast existing security-enhancing interventions
(e.g., nudges, warnings, fear appeals) through the lens
of friction. We then build on these insights to argue that it can be
desirable to design for moments of negative UX in security-critical
situations. For this purpose, we introduce the novel concept of
security-enhancing friction, friction that effectively reduces the
occurrence of risk-taking behavior and ensures that the overall UX
(after use) is not compromised.
We illustrate how security-enhancing friction provides an actionable
way to systematically integrate the concept of UX into
empirical usable privacy and security studies for meeting both the
objectives of secure behavior and of overall acceptable experience.
Scopus citations®
without self-citations
11