Habituation: A Possible Mitigation of a Wicked Problem

  • Conference paper
Advances in Human Factors in Cybersecurity (AHFE 2020)

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 1219)

Abstract

A construct for intentional habit formation is suggested as a possible mitigation to the disparity between user capability and systems requirements. The importance of usable security is well represented in early discussions ([3]; Sasse 2001). Twenty years after M. S. Ackerman [7] provided a significant discussion of the “gap” between what humans need and what computers can support, the “social-technical gap” in privacy and security management continues. Humans, for many reasons, cannot make good, consistent decisions regarding security. Current and foundational theoretical understandings of human limitations are outlined, in both an individual and a social context. The difference between current systems and principles of interface and interaction design is highlighted. Finally, a possible ameliorating step is suggested: specifically, a movement from reliance on human cognition and decision making to a reliance on habit formation.

References

  1. Swanson, M., Guttman, B.: Generally accepted principles and practices for securing information technology systems. National Institute of Standards and Technology, Technology Administration (1996)

  2. Ahmed, M., et al.: Human errors in information security. Int. J. Adv. Trends Comput. Sci. Eng. 1(3), 82–87 (2012)

  3. Adams, A., Sasse, M.: Users are not the enemy. Commun. ACM 49(12), 41–46 (1999)

  4. Kokolakis, S.: Privacy attitudes and privacy behaviour: a review of current research on the privacy paradox phenomenon. Comput. Secur. 64, 122–134 (2017)

  5. Norberg, P.A., Horne, D.R., Horne, D.A.: The privacy paradox: personal information disclosure intentions versus behaviors. J. Consum. Affairs 41(1), 100–126 (2007)

  6. Shneiderman, B., et al.: Designing the User Interface: Strategies for Effective Human-Computer Interaction. Pearson Education, London (2016)

  7. Ackerman, M.S.: The intellectual challenge of CSCW: the gap between social requirements and technical feasibility. Hum.-Comput. Interact. 15(2–3), 179–204 (2000)

  8. Richards, K.E.: Risk analysis of the discoverability of personal data used for primary and secondary authentication. University of Maryland Baltimore County, MD, USA (2017)

  9. Reeder, R., Schechter, S.: When the password doesn’t work: secondary authentication for websites. IEEE Secur. Priv. 9(2), 43–49 (2011)

  10. Bush, V.: As we may think. Atlantic Monthly, pp. 101–108 (1945)

  11. MacKenzie, I.S.: Human-computer interaction: An empirical research perspective. Elsevier, New York (2013)

  12. Simon, H.A.: Bounded rationality. In: Utility and Probability, pp. 15–18. Springer (1990)

  13. Acquisti, A., Grossklags, J.: Privacy and rationality in individual decision making. IEEE Secur. Priv. 3(1), 26–33 (2005)

  14. Dinev, T., Hart, P.: An extended privacy calculus model for e-commerce transactions. Inf. Syst. Res. 17(1), 61–80 (2006)

  15. Thomas, J.C., Richards, J.T.: Achieving psychological simplicity: Measures and methods to reduce cognitive complexity. Hum.-Comput. Interact.: Des. Issues Solut. Appl. 161, 489–508 (2009)

  16. Nielsen, J.: Ten usability heuristics (2005). http://www.nngroup.com/articles/ten-usability-heuristics/. Accessed

  17. Miller, G.: The magical number seven, plus or minus two some limits on our capacity for processing information. Psychol. Rev. 101(2), 343–352 (1955)

  18. Olson, G.M., Olson, J.S.: Research on computer supported cooperative work. In: Handbook of Human-Computer Interaction, pp. 1433–1456. Elsevier (1997)

  19. Tan, Q., Pivot, F.: Big data privacy: changing perception of privacy. In: 2015 IEEE International Conference on Smart City/SocialCom/SustainCom (SmartCity). IEEE (2015)

  20. Lederer, S., Dey, A.K., Mankoff, J.: Everyday privacy in ubiquitous computing environments. In: Ubicomp 2002 Workshop on Socially-Informed Design of Privacy-Enhancing Solutions in Ubiquitous Computing (2002)

  21. Wilkinson, D., et al.: Privacy at a glance: the user-centric design of glanceable data exposure visualizations. Proc. Priv. Enhancing Technol. 2020(2), 416–435 (2020)

  22. Moor, A., Aakhus, M.: Argumentation support: from technologies to tools. Commun. ACM 49(3), 93–98 (2006)

  23. McDonald, A.M., Cranor, L.F.: The cost of reading privacy policies. J. Law Policy Inf. Soc. 4, 543 (2008)

  24. Wen, Z.A., et al.: What. hack: learn phishing email defence the fun way. In: Proceedings of the 2017 CHI Conference Extended Abstracts on Human Factors in Computing Systems (2017)

  25. Richtel, M., Kopytoff, V.G.: E-mail fraud hides behind friendly face. The New York Times, p. 2 (2011)

  26. Zurko, M.E.: User-centered security: stepping up to the grand challenge. In: 21st Annual Computer Security Applications Conference (ACSAC 2005). IEEE (2005)

  27. Halevi, T., Memon, N., Nov, O.: Spear-phishing in the wild: a real-world study of personality, phishing self-efficacy and vulnerability to spear-phishing attacks. Phishing Self-Efficacy and Vulnerability to Spear-Phishing Attacks, 2 January 2015

  28. Alashoor, T., Al-Maidani, N., Al-Jabri, I.: The privacy calculus under positive and negative mood states (2018)

  29. Maslow, A., Lewis, K.J.: Maslow’s hierarchy of needs. Salenger Inc. 14, 987 (1987)

  30. Olson, D.A., Liu, J., Shultz, K.S.: The influence of Facebook usage on perceptions of social support, personal efficacy, and life satisfaction. J. Organ. Psychol. 12(3/4), 133–144 (2012)

  31. Bonneau, J., et al.: The quest to replace passwords: A framework for comparative evaluation of web authentication schemes, pp. 553–567 (2012)

  32. Brown, A.S., et al.: Generating and remembering passwords. Appl. Cogn. Psychol. 18(6), 641–651 (2004)

  33. Grawemeyer, B., Johnson, H.: Using and managing multiple passwords: a week to a view. Interact. Comput. 23(3), 256–267 (2011)

  34. Vila, T., Greenstadt, R., Molnar, D.: Why we can’t be bothered to read privacy policies models of privacy economics as a lemons market. In: Proceedings of the 5th International Conference on Electronic Commerce (2003)

  35. Bada, M., Sasse, A.M., Nurse, J.R.: Cyber security awareness campaigns: Why do they fail to change behaviour? arXiv preprint arXiv:1901.02672 (2019)

  36. Wood, W., Neal, D.T.: A new look at habits and the habit-goal interface. Psychol. Rev. 114(4), 843 (2007)

  37. Lally, P., Gardner, B.: Promoting habit formation. Health Psychol. Rev. 7(sup1), S137–S158 (2013)

Correspondence to Kirsten E. Richards.

Copyright information

© 2020 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Richards, K.E. (2020). Habituation: A Possible Mitigation of a Wicked Problem. In: Corradini, I., Nardelli, E., Ahram, T. (eds) Advances in Human Factors in Cybersecurity. AHFE 2020. Advances in Intelligent Systems and Computing, vol 1219. Springer, Cham. https://doi.org/10.1007/978-3-030-52581-1_13

  • DOI: https://doi.org/10.1007/978-3-030-52581-1_13

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-52580-4

  • Online ISBN: 978-3-030-52581-1

  • eBook Packages: Engineering (R0)
