The purpose of this study is to understand user perceptions and misconceptions regarding security tools. Security and privacy-preserving tools (for brevity, the authors term them as “security tools” in this paper, unless otherwise specified) are designed to protect the security and privacy of people in the digital environment. However, inappropriate use of these tools can lead to unexpected consequences that are preventable. Hence, it is significant to examine why users do not understand the security tools.
The authors conducted a qualitative study with 40 participants in the USA to investigate the prevalent misconceptions of people regarding security tools, their perceptions of data access and the corresponding impact on their usage behavior and data protection strategies.
While security vulnerabilities are often rooted in people’s internet usage behavior, this study examined user’s mental models of the internet and unpacked how the misconceptions about security tools relate to those mental models.
Based on the findings, this study offers recommendations highlighting the design aspects of security tools that need careful attention from researchers and industry practitioners, to alleviate users’ misconceptions and provide them with accurate conceptual models toward the desired use of security tools.
The article is submitted to Information and Computer Security.
Dumaru, P., Shrestha, A., Paudel, R., Haverkamp, C., McClain, M.B. and Al-Ameen, M.N. (2023), "“…I have my dad, sister, brother, and mom’s password”: unveiling users’ mental models of security and privacy-preserving tools", Information and Computer Security, Vol. ahead-of-print No. ahead-of-print. https://doi.org/10.1108/ICS-04-2023-0047
Emerald Publishing Limited
Copyright © 2023, Emerald Publishing Limited