Personalized Security Messaging: Nudges for Compliance with Browser Warnings

TitlePersonalized Security Messaging: Nudges for Compliance with Browser Warnings
Publication TypeConference Paper
Year of Publication2017
AuthorsMalkin, N., Mathur A., Harbach M., & Egelman S.
Published inProceedings of the European Workshop on Usable Security (EuroUSEC '17)
Date Published2017
Abstract

Decades of psychology and decision-making research show that everyone makes decisions differently; yet security messaging is still one-size-fits-all. This suggests that we can improve outcomes by delivering information relevant to how each individual makes decisions. We tested this hypothesis by designing messaging customized for stable personality traits— specifically, the five dimensions of the General Decision-Making Style (GDMS) instrument. We applied this messaging to browser warnings, security messaging encountered by millions of web users on a regular basis. To test the efficacy of our nudges, we conducted experiments with 1,276 participants, who encountered a warning about broken HTTPS due to an invalid certificate under realistic circumstances. While the effects of some nudges correlated with certain traits in a statistically significant manner, we could not reject the null hypothesis—that the intervention did not affect the subjects’ behavior—for most of our nudges, especially after accounting for participants who did not pay close attention to the message. In this paper, we present the detailed results of our experiments, discuss potential reasons for why the outcome contradicts the decision-making research, and identify lessons for researchers based on our experience. 

Acknowledgment

The authors would like to thank Eyal Peer for his input on the design, development, and analysis of the results of our study, as well as Hana Habib and Ariel Tikotsky for their help in the development of the nudges. This work was supported in part by the Center for Long Term Cybersecurity at the University of California, Berkeley; the National Science Foundation (NSF) under CNS-1528070; and the United States – Israel Binational Science Foundation (BSF) under grant #2014626. 

URLhttps://www.internetsociety.org/sites/default/files/eurousec2017_08_Malkin_paper.pdf
ICSI Research Group

Usable Security and Privacy