research-article

The Nudge Puzzle: Matching Nudge Interventions to Cybersecurity Decisions

Authors:
Verena Zimmermann

Technische Universität Darmstadt, Darmstadt, Germany

Technische Universität Darmstadt, Darmstadt, Germany
View Profile

,
Karen Renaud

University of Strathclyde and Rhodes University, Makhanda, Eastern Cape, South Africa

University of Strathclyde and Rhodes University, Makhanda, Eastern Cape, South Africa
View Profile

Authors Info & Claims

ACM Transactions on Computer-Human Interaction Volume 28 Issue 1Article No.: 7pp 1–45https://doi.org/10.1145/3429888

Published:20 January 2021Publication History

ACM Transactions on Computer-Human Interaction

Abstract

Nudging is a promising approach, in terms of influencing people to make advisable choices in a range of domains, including cybersecurity. However, the processes underlying the concept and the nudge’s effectiveness in different contexts, and in the long term, are still poorly understood. Our research thus first reviewed the nudge concept and differentiated it from other interventions before applying it to the cybersecurity area. We then carried out an empirical study to assess the effectiveness of three different nudge-related interventions on four types of cybersecurity-specific decisions. Our study demonstrated that the combination of a simple nudge and information provision, termed a “hybrid nudge,” was at least as, and in some decision contexts even more effective in encouraging secure choices as the simple nudge on its own. This indicates that the inclusion of information when deploying a nudge, thereby increasing the intervention’s transparency, does not necessarily diminish its effectiveness.

A follow-up study explored the educational and long-term impact of our tested nudge interventions to encourage secure choices. The results indicate that the impact of the initial nudges, of all kinds, did not endure. We conclude by discussing our findings and their implications for research and practice.

Supplemental Material

Available for Download

zip

zimmermann.zip (6.5 MB)

Supplemental movie, appendix, image and software files for, The Nudge Puzzle: Matching Nudge Interventions to Cybersecurity Decisions

References

Alessandro Acquisti, Idris Adjerid, Rebecca Balebako, Laura Brandimarte, Lorrie Faith Cranor, Saranga Komanduri, Pedro Giovanni Leon, Norman Sadeh, Florian Schaub, Manya Sleeper, Yang Wang, and Shomir Wilson. 2017. Nudges for privacy and security: Understanding and assisting users’ choices online. ACM Computing Surveys 50, 3 (2017), 1--41. Google ScholarDigital Library
Reed Albergotti. 2014. Facebook Rolls Out Privacy Checkups to All 1.3 Billion Users. Retrieved May 13, 2018 from https://blogs.wsj.com/digits/2014/09/04/facebook-rolls-out-privacy-checkups-to-all-1-3-billion-users/.Google Scholar
Alberto Salazar. 2012. Libertarian paternalism and the dangers of nudging consumers. King’s Law Journal 23, 1 (2012), 51--67.Google Scholar
Hunt Allcott. 2011. Social norms and energy conservation. Journal of Public Economics 95, 9–10 (2011), 1082--1095.Google ScholarCross Ref
Hunt Allcott and Sendhil Mullainathan. 2010. Behavior and energy policy. Science 327, 5970 (2010), 1204--1205.Google Scholar
Hazim Almuhimedi, Florian Schaub, Norman Sadeh, Idris Adjerid, Alessandro Acquisti, Joshua Gluck, Lorrie Faith Cranor, and Yuvraj Agarwal. 2015. Your location has been shared 5,398 times!: A field study on mobile app privacy nudging. In Proceedings of the ACM Conference on Human Factors in Computing Systems (CHI’15). ACM, New York, NY, 787--796. Google ScholarDigital Library
American Psychological Association. 2016. Ethical Principles of Psychologists and Code of Conduct. Retrieved from http://www.apa.org/ethics/code/index.aspx.Google Scholar
AndroidCentral. 2017. More Android phones are using encryption and lock screen security than ever before. Retrieved December 4, 2019 from https://www.androidcentral.com/more-android-phones-are-using-encryption-and-lock-screen-security-ever.Google Scholar
Terrence August, Robert August, and Hyoduk Shin. 2014. Designing user incentives for cybersecurity. Communications of the ACM 57, 11 (2014), 43--46. Google ScholarDigital Library
Ian Ayres, Sophie Raseman, and Alice Shih. 2013. Evidence from two large field experiments that peer comparison feedback can reduce residential energy usage. The Journal of Law, Economics, and Organization 29, 5 (2013), 992--1022.Google ScholarCross Ref
Rebecca Balebako, Pedro G. Leon, Hazim Almuhimedi, Patrick Gage Kelley, Jonathan Mugan, Alessandro Acquisti, Lorrie Faith Cranor, and Norman Sadeh. 2011. Nudging users towards privacy on mobile devices. In Proceedings of the CHI Workshop on Persuasion, Nudge, Influence and Coercion. ACM, New York, NY, 1--4.Google Scholar
Adrien Barton and Till Grüne-Yanoff. 2015. From libertarian paternalism to nudging - and beyond. Review of Philosophy and Psychology 6, 3 (2015), 341--359.Google ScholarCross Ref
Yoav Benjamini and Yosef Hochberg. 1995. Controlling the false discovery rate: A practical and powerful approach to multiple testing. Journal of the Royal Statistical Society: Series B (Methodological) 57, 1 (1995), 289--300.Google ScholarCross Ref
Avril Blamey, Nanette Mutrie, and Aitchison Tom. 1995. Health promotion by encouraged use of stairs. British Medical Journal 311, 7000 (1995), 289--290.Google ScholarCross Ref
Elcomsoft Blog. 2017. Android Encryption Demystified. Retrieved December 4, 2019 from https://blog.elcomsoft.com/2017/05/android-encryption-demystified/.Google Scholar
Jennifer Swindell Blumenthal-Barby and Hadley Burroughs. 2012. Seeking better health care outcomes: The ethics of using the “nudge”. The American Journal of Bioethics 12, 2 (2012), 1--10.Google ScholarCross Ref
Jennifer s Blumenthal-Barby and Aanand D. Naik. 2015. In defense of nudge–autonomy compatibility. The American Journal of Bioethics 15, 10 (2015), 45--47.Google ScholarCross Ref
Jürgen Bortz and Christof Schuster. 2011. Statistics for Human and Social Scientists: Limited Special Edition (Statistik für Human-und Sozialwissenschaftler: Limitierte Sonderausgabe). Springer, Berlin.Google Scholar
Thom Brooks. 2013. Should we nudge informed consent? The American Journal of Bioethics 13, 6 (2013), 22--23.Google ScholarCross Ref
Patrick Brown. 2012. A nudge in the right direction? Towards a sociological engagement with libertarian paternalism. Social Policy and Society 11, 3 (2012), 305--317.Google ScholarCross Ref
Ryan Calo. 2014. Code, nudge or notice? Iowa Law Review 99, 2 (2014), 773--801.Google Scholar
Ana Caraban, Evangelos Karapanos, Daniel Gonçalves, and Pedro Campos. 2019. 23 ways to nudge: A review of technology-mediated nudging in human-computer interaction. In Proceedings of the ACM Conference on Human Factors in Computing Systems (CHI’19). ACM, New York, NY, 503. Google ScholarDigital Library
Pew Research Center. 2017. Many smartphone owners don’t take steps to secure their devices. Retrieved December 4, 2019 from https://www.pewresearch.org/fact-tank/2017/03/15/many-smartphone-owners-dont-take-steps-to-secure-their-devices/.Google Scholar
Eun Kyoung Choe, Jaeyeon Jung, Bongshin Lee, and Kristie Fisher. 2013. Nudging people away from privacy-invasive mobile apps through visual framing. In Proceedings of the IFIP Conference on Human-Computer Interaction. Springer, Berlin, 74--91.Google ScholarCross Ref
Robert B. Cialdini and Melanie R. Trost. 1998. Social influence: Social norms, conformity and compliance. In The Handbook of Social Psycholog (4 ed.). Daniel T. Gilbert, Susan T. Fiske, and Gardner Lindzey (Eds.). McGraw-Hill, New York, 151--192.Google Scholar
Jacob Cohen. 2013. Statistical Power Analysis for the Behavioral Sciences. Routledge, London, UK.Google Scholar
Russell DiSilvestro. 2012. What does not budge for any nudge?The American Journal of Bioethics 12, 2 (2012), 14--15.Google Scholar
Paul Dolan, Michael Hallsworth, David Halpern, Dominic King, Robert Metcalfe, and Ivo Vlaev. 2012. Influencing behaviour: The mindspace way. Journal of Economic Psychology 33, 1 (2012), 264--277.Google ScholarCross Ref
Paul Dolan, Michael Hallsworth, David Halpern, Dominic King, and Ivo Vlaev. 2010. MINDSPACE: Influencing behaviour for public policy. Retrieved December 5, 2019 from https://www.instituteforgovernment.org.uk/publications/mindspace.Google Scholar
Marc Dupuis and Faisal Khan. 2018. Effects of peer feedback on password strength. In Proceedings of the APWG Symposium on Electronic Crime Research (eCrime’18). IEEE, New York, NY, 1--9.Google ScholarCross Ref
Serge Egelman and Eyal Peer. 2015. Scaling the security wall: Developing a security behavior intentions scale (SEBIS). In Proceedings of the ACM Conference on Human Factors in Computing Systems (CHI’15). ACM, New York, NY, 2873--2882. Google ScholarDigital Library
EU GDPR Compliant. 2018. Cookies Consent under the GDPR. Retrieved December 5, 2019 from https://eugdprcompliant.com/cookies-consent-gdpr/.Google Scholar
Adrienne Porter Felt, Robert W. Reeder, Alex Ainslie, Helen Harris, Max Walker, Christopher Thompson, Mustafa Embre Acer, Elisabeth Morant, and Sunny Consolvo. 2016. Rethinking connection security indicators. In Proceedings of the Symposium on Usable Privacy and Security (SOUPS’16). Usenix, Berkeley, CA, 1--14. Google ScholarDigital Library
Thomas Franke, Christiane Attig, and Daniel Wessel. 2019. A personal resource for technology interaction: Development and validation of the affinity for technology interaction (ATI) scale. International Journal of Human–Computer Interaction 35, 6 (2019), 456--467.Google ScholarCross Ref
Gerd Gigerenzer, Ralph Hertwig, and Thorsten Pachur. 2011. Heuristics: The Foundations of Adaptive Behavior.Oxford University Press. Google ScholarDigital Library
Paul A. Grassi, Michael E. Garcia, and James L. Fenton. 2017. Digital identity guidelines. NIST Special Publication 800-63-3.Google Scholar
Pelle Guldborg Hansen. 2016. The definition of nudge and libertarian paternalism: Does the hand fit the glove? European Journal of Risk Regulation 7, 1 (2016), 155--174.Google ScholarCross Ref
Pelle Guldborg Hansen and Andreas Maaløe Jespersen. 2013. Nudge and the manipulation of choice: A framework for the responsible use of the nudge approach to behaviour change in public policy. European Journal of Risk Regulation 4, 1 (2013), 3--28.Google ScholarCross Ref
Marian Harbach, Alexander De Luca, Nathan Malkin, and Serge Egelman. 2016. Keep on lockin’ in the free world: A multi-national comparison of smartphone locking. In Proceedings of the ACM Conference on Human Factors in Computing Systems (CHI’16). ACM, New York, NY, 4823--4827. Google ScholarDigital Library
Daniel M. Hausman and Brynn Welch. 2010. Debate: To nudge or not to nudge. Journal of Political Philosophy 18, 1 (2010), 123--136.Google ScholarCross Ref
Crawford Hollingworth and Liz Barker. 2017. BE360: Protecting Consumers from ‘SLUDGE’. Retrieved January 2020 from https://www.research-live.com/article/features/be360-protecting-consumers-from-sludge/id/5031182.Google Scholar
Julian House, Elizabeth Lyons, and D. Soman. 2013. Towards a Taxonomy of Nudging Strategies. Rotman School of Management, University of Toronto.Google Scholar
Eric J. Johnson, Suzanne B. Shu, Benedict G.C. Dellaert, Craig Fox, Daniel G. Goldstein, Gerald Häubl, Richard P. Larrick, John W. Payne, Ellen Peters, David Schkade, Brian Wansink, and Elke U. Weber. 2012. Beyond nudges: Tools of a choice architecture. Marketing Letters 23, 2 (2012), 487--504.Google ScholarCross Ref
Daniel Kahneman and Patrick Egan. 2011. Thinking, Fast and Slow. Vol. 1. Farrar, Straus and Giroux, New York, NY.Google Scholar
Floor M. Kroese, David R. Marchiori, and Denise T. D. de Ridder. 2015. Nudging healthy food choices: A field experiment at the train station. Journal of Public Health 38, 2 (2015), e133–e137.Google ScholarCross Ref
Dominik J. Leiner. 2014. SoSci survey (Version 2.5. 00-i) [Computer software]. https://www.soscisurvey.de/.Google Scholar
Yiling Lin, Magda Osman, and Richard Ashcroft. 2017. Nudge: Concept, effectiveness, and ethics. Basic and Applied Social Psychology 39, 6 (2017), 293--306.Google ScholarCross Ref
Paul Lindhout and Genserik Reniers. 2017. What about nudges in the process industry? Exploring a new safety management tool. Journal of Loss Prevention in the Process Industries 50, Part A (2017), 243--256.Google Scholar
David R. Marchiori, Marieke A. Adriaanse, and Denise T. D. De Ridder. 2017. Unresolved questions in nudging research: Putting the psychology back in nudging. Social and Personality Psychology Compass 11, 1 (2017), e12297.Google ScholarCross Ref
Philipp Mayring. 2014. Qualitative Content Analysis: Theoretical Foundation, Basic Procedures and Software Solution. SSOAR Open Access Repository, Klagenfurth, Austria. Retrieved on January 2, 2021 from https://nbn-resolving.org/urn:nbn:de:0168-ssoar-395173.Google Scholar
Donald McMillan, Alistair Morrison, and Matthew Chalmers. 2013. Categorised ethical guidelines for large scale mobile HCI. In Proceedings of the ACM Conference on Human Factors in Computing Systems (CHI’13). ACM, New York, NY, 1853--1862. Google ScholarDigital Library
Adam W. Meade and S. Bartholomew Craig. 2012. Identifying careless responses in survey data.Psychological Methods 17, 3 (2012), 437.Google Scholar
Gabriela Michalek, Georg Meran, Reimund Schwarze, and Özgür Yildiz. 2016. Nudging as a New “Soft” Policy Tool: An Assessment of the Definitional Scope of Nudges, Practical Implementation Possibilities and Their Effectiveness. Technical Report. Economics Discussion Papers.Google Scholar
Gregory Mitchell. 2004. Libertarian paternalism is an oxymoron. Northwestern University Law Review 99, 3 (2004), 1245--1277.Google Scholar
Philippe Mongin and Mikaël Cozic. 2018. Rethinking nudge: Not one but three concepts. Behavioural Public Policy 2, 1 (2018), 107--124.Google ScholarCross Ref
NSW Government. 2016. NSW Behavioural insights team. Retrieved December 5, 2019 from https://www.dpc.nsw.gov.au/programs-and-services/behavioural-insights/.Google Scholar
Thomas R. V. Nys and Bart Engelen. 2017. Judging nudging: Answering the manipulation objection. Political Studies 65, 1 (2017), 199--214.Google ScholarCross Ref
European Federation of Psychologists’ Association. 2005. Meta-Code of Ethics. Retrieved from https://www.bdp-verband.de/binaries/content/assets/beruf/efpa_metacode_en.pdf.Google Scholar
Takahiro Ohyama and Akira Kanaoka. 2015. Password strength meters using social influence. In Proceedings of the Symposium on Usable Privacy and Security (SOUPS’15). Usenix, Berkely, CA, 1--2.Google Scholar
Folke Ölander and John Thøgersen. 2014. Informing versus nudging in environmental policy. Journal of Consumer Policy 37, 3 (2014), 341--356.Google ScholarCross Ref
Magda Osman. 2004. An evaluation of dual-process theories of reasoning. Psychonomic Bulletin 8 Review 11, 6 (2004), 988--1010.Google Scholar
Magda Osman. 2016. Nudge: How far have we come?Œconomia. History, Methodology, Philosophy 6, 4 (2016), 557--570.Google Scholar
Kathryn Parsons, Dragana Calic, Malcolm Pattinson, Marcus Butavicius, Agata McCormac, and Tara Zwaans. 2017. The human aspects of information security questionnaire (HAIS-Q): Two further validation studies. Computers 8 Security 66 (2017), 40--51. Google ScholarDigital Library
Charlie Pinder, Jo Vermeulen, Benjamin R. Cowan, and Russell Beale. 2018. Digital behaviour change interventions to break and form habits. ACM Transactions on Computer-Human Interaction 25, 3 (2018), 15. Google ScholarDigital Library
Thomas Ploug and Søren Holm. 2015. Doctors, patients, and nudging in the clinical context-four views on nudging and informed consent. The American Journal of Bioethics 15, 10 (2015), 28--38.Google ScholarCross Ref
Android Open Source Project. n.d.. Encryption. Retrieved December 4, 2019 from https://source.android.com/security/encryption/full-disk.Google Scholar
Fahimeh Raja, Kirstie Hawkey, Steven Hsu, Kai-Le Clement Wang, and Konstantin Beznosov. 2011. A brick wall, a locked door, and a bandit: A physical security metaphor for firewall warnings. In Proceedings of the Symposium on Usable Privacy and Security (SOUPS’11). ACM, New York, NY, 1. Google ScholarDigital Library
Amon Rapp, Maurizio Tirassa, and Lia Tirabeni. 2019. Rethinking technologies for behavior change: A view from the inside of human change. ACM Transactions on Computer-Human Interaction 26, 4 (2019), 1--30. Google ScholarDigital Library
Imran Rasul and David Hollywood. 2012. Behavior change and energy use: Is a ‘nudge’ enough?Carbon Management 3, 4 (2012), 349--351.Google Scholar
Karen Renaud and Marc Dupuis. 2019. Cyber security fear appeals: Unexpectedly complicated. In Proceedings of the New Security Paradigms Workshop. 42--56. Google ScholarDigital Library
Karen Renaud, Joseph Maguire, Verena Zimmermann, and Steve Draper. 2017. Lessons learned from evaluating eight password nudges in the wild. In Proceedings of the LASER Workshop. USENIX, Berkeley, CA, 25--37.Google Scholar
Karen Renaud and Verena Zimmermann. 2018. Ethical guidelines for nudging in information security 8 privacy. International Journal of Human-Computer Studies 120 (2018), 22--35.Google ScholarCross Ref
Karen Renaud and Verena Zimmermann. 2019. Nudging folks towards stronger password choices: Providing certainty is the key. Behavioural Public Policy 3, 2 (2019), 228--258.Google ScholarCross Ref
Patrick Rössler. 2017. Content Analysis (Inhaltsanalyse). Vol. 2671. UTB.Google Scholar
Evan Selinger and Kyle Powys Whyte. 2012. What counts as a nudge?The American Journal of Bioethics 12, 2 (2012), 11--12.Google Scholar
Diana K. Smetters and Rebecca E. Grinter. 2002. Moving from the design of usable security technologies to the design of useful secure applications. In Proceedings of the Workshop on New Security Paradigms (NSPW’02). ACM, New York, NY, 82--89. Google ScholarDigital Library
Keith E. Stanovich and Richard F. West. 2000. Individual differences in reasoning: Implications for the rationality debate? Behavioral and Brain Sciences 23, 5 (2000), 645--665.Google ScholarCross Ref
Cass R. Sunstein. 2015. Nudges do not undermine human agency. Journal of Consumer Policy 38, 3 (2015), 207--210.Google ScholarCross Ref
Cass R. Sunstein. 2017. Forcing people to choose is paternalistic. Missouri Law Review 82, 3 (2017), 643--667.Google Scholar
Cass R. Sunstein. 2017. Nudges that fail. Behavioural Public Policy 1, 1 (2017), 4--25.Google ScholarCross Ref
Cass R. Sunstein and Richard H. Thaler. 2003. Libertarian paternalism is not an oxymoron. The University of Chicago Law Review 70, 4 (2003), 1159--1202.Google ScholarCross Ref
Behavioural Insights Team. 2011. Behavioural Insights Team Annual Update 2010–11. Cabinet Office: London, UK. Retrieved October 14, 2020 from https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/60537/Behaviour-Change-Insight-Team-Annual-Update_acc.pdf.Google Scholar
Richard H. Thaler and Cass R. Sunstein. 2008. Nudge: Improving Decisions About Health, Wealth, and Happiness. Yale University Press, New Haven, CT.Google Scholar
The British Psychological Society. 2014. Code of Human Research Ethics. Retrieved on January 2, 2021 from http://www.bps.org.uk/publications/policy-and-guidelines/research-guidelines-policy-documents/research-guidelines-poli.Google Scholar
James Turland, Lynne Coventry, Debora Jeske, Pam Briggs, and Aad van Moorsel. 2015. Nudging towards security: Developing an application for wireless network selection for Android phones. In Proceedings of the British HCI Conference. ACM, New York, NY, 193--201. Google ScholarDigital Library
James Kevin Turland. 2016. Aiding Information Security Decisions with Human Factors Using Quantitative and Qualitative Techniques. Ph.D. Dissertation. School of Computing Science, Newcastle University.Google Scholar
Blase Ur, Felicia Alfieri, Maung Aung, Lujo Bauer, Nicolas Christin, Jessica Colnago, Lorrie Faith Cranor, Henry Dixon, Pardis Emami Naeini, Hana Habib, Noah Johnson, and William Melicher. 2017. Design and evaluation of a data-driven password meter. In Proceedings of the ACM Conference on Human Factors in Computing Systems (CHI’17). ACM, New York, NY, 3775--3786. Google ScholarDigital Library
Blase Ur, Patrick Gage Kelley, Saranga Komanduri, Joel Lee, Michael Maass, Michelle L. Mazurek, Timothy Passaro, Richard Shay, Timothy Vidas, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. 2012. How does your password measure up? The effect of strength meters on password creation. In Proceedings of the USENIX Security Symposium (USENIX Security’12). USENIX, Berkeley, CA, 65--80. Google ScholarDigital Library
Anthony Vance, David Eargle, Kirk Ouimet, and Detmar Straub. 2013. Enhancing password security through interactive fear appeals: A web-based field experiment. In Proceedings of the Hawaii International Conference on System Sciences (HICSS’13). IEEE, New York, NY, 2988--2997. Google ScholarDigital Library
Emanuel von Zezschwitz, Malin Eiband, Daniel Buschek, Sascha Oberhuber, Alexander De Luca, Florian Alt, and Heinrich Hussmann. 2016. On quantifying the effective password space of grid-based unlock gestures. In Proceedings of the International Conference on Mobile and Ubiquitous Multimedia (MUM’16). ACM, New York, NY, 201--212. Google ScholarDigital Library
Yang Wang, Pedro Giovanni Leon, Alessandro Acquisti, Lorrie Faith Cranor, Alain Forget, and Norman Sadeh. 2014. A field trial of privacy nudges for Facebook. In Proceedings of the ACM Conference on Human Factors in Computing Systems (CHI’14). ACM, New York, NY, 2367--2376. Google ScholarDigital Library
Brian Wansink. 2004. Environmental factors that increase the food intake and consumption volume of unknowing consumers. Annual Review of Nutrition 24 (2004), 455--479.Google ScholarCross Ref
Markus Weinmann, Christoph Schneider, and Jan vom Brocke. 2016. Digital nudging. Business 8 Information Systems Engineering 58, 6 (2016), 433--436.Google Scholar
Mark White. 2013. The Manipulation of Choice: Ethics and Libertarian Paternalism. Palgrave Macmillan, New York, NY.Google Scholar
Karen Yeung. 2016. The forms and limits of choice architecture as a tool of government. Law 8 Policy 38, 3 (2016), 186--210.Google Scholar

Index Terms

The Nudge Puzzle: Matching Nudge Interventions to Cybersecurity Decisions
1. Human-centered computing
  1. Human computer interaction (HCI)
    1. Empirical studies in HCI
    2. HCI theory, concepts and models
2. Security and privacy
  1. Human and societal aspects of security and privacy
    1. Social aspects of security and privacy

Recommendations

The Nudge Deck: A Design Support Tool for Technology-Mediated Nudging
DIS '20: Proceedings of the 2020 ACM Designing Interactive Systems Conference

The idea of nudging - that subtle changes in the 'choice architecture' can alter people's behaviors in predictable ways - was eagerly adopted by HCI researchers and practitioners over the past decade. Yet, the design of effective nudging interventions ...
Read More
Nudge or Restraint: How do People Assess Nudging in Cybersecurity - A Representative Study in Germany
EuroUSEC '21: Proceedings of the 2021 European Symposium on Usable Security

While nudging is a long-established instrument in many contexts, it has more recently emerged to be relevant in cybersecurity as well. For instance, existing research suggests nudges for stronger passwords or safe WiFi connections. However, those ...
Read More
Can We Nudge Users Toward Better Password Management?: An Initial Study
CHI EA '18: Extended Abstracts of the 2018 CHI Conference on Human Factors in Computing Systems

Nudge theory has been widely used in government and health interventions for the subtlety with which it positively influences choices. But, can this gentle nudge influence users to exhibit secure online account behaviors? And further, which of the nudge ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
ACM Transactions on Computer-Human Interaction Volume 28, Issue 1
February 2021
322 pages
ISSN:1073-0516
EISSN:1557-7325
DOI:10.1145/3447785
Editor:
Kristina Höök
KTH Royal Institute of Technology, Sweden
Issue’s Table of Contents
Copyright © 2021 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 20 January 2021
- Accepted: 1 October 2020
- Revised: 1 May 2020
- Received: 1 January 2020
Published in tochi Volume 28, Issue 1

Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
Nudging
decision making
feedback
information
privacy
security
Qualifiers
- research-article
- Research
- Refereed
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 41
  Total Citations
  View Citations
- 1,590
  Total Downloads
- Downloads (Last 12 months)392
- Downloads (Last 6 weeks)28
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

HTML Format

View this article in HTML Format .

View HTML Format

The Nudge Puzzle: Matching Nudge Interventions to Cybersecurity Decisions

ACM Transactions on Computer-Human Interaction

Abstract

Supplemental Material

Available for Download

References

Cited By

Index Terms

Recommendations

The Nudge Deck: A Design Support Tool for Technology-Mediated Nudging

Nudge or Restraint: How do People Assess Nudging in Cybersecurity - A Representative Study in Germany

Can We Nudge Users Toward Better Password Management?: An Initial Study