Be the first to like this
There is a prevailing belief that users are the weakest link the security chain. In this presentation, Dr. Chiasson discusses how this perspective is inherently counterproductive to achieving increased cyber security and explore alternatives with a higher chance of improving security. Why do users behave insecurely even though most will readily state that security and privacy are important? This talk will cover some of our recent research exploring reasons why users' actions do not necessarily reflect their desire for security and how the configuration of security systems may actually weaken security in practice. She presents her work using eye-tracking to determine how users make phishing determinations, and how we can persuade users to behave more securely through improving their mental models of passwords and by making adjustments to the system configurations.