Abstract
A construct for intentional habit formation is suggested as a possible mitigation of the disparity between user capability and system requirements. The importance of usable security is well represented in early discussions ([3]; Sasse 2001). Twenty years after M. S. Ackerman [7] provided a significant discussion of the “gap” between what humans need and what computers can support, the “social-technical gap” in privacy and security management continues. Humans, for many reasons, cannot make good, consistent decisions regarding security. Current and foundational theoretical understandings of human limitations are outlined, in both an individual and a social context. The difference between current systems and the principles of interface and interaction design is highlighted. Finally, a possible ameliorating step is suggested: a movement from reliance on human cognition and decision making to a reliance on habit formation.
References
Swanson, M., Guttman, B.: Generally accepted principles and practices for securing information technology systems. National Institute of Standards and Technology, Technology Administration (1996)
Ahmed, M., et al.: Human errors in information security. Int. J. Adv. Trends Comput. Sci. Eng. 1(3), 82–87 (2012)
Adams, A., Sasse, M.: Users are not the enemy. Commun. ACM 49(12), 41–46 (1999)
Kokolakis, S.: Privacy attitudes and privacy behaviour: a review of current research on the privacy paradox phenomenon. Comput. Secur. 64, 122–134 (2017)
Norberg, P.A., Horne, D.R., Horne, D.A.: The privacy paradox: personal information disclosure intentions versus behaviors. J. Consum. Affairs 41(1), 100–126 (2007)
Shneiderman, B., et al.: Designing the User Interface: Strategies for Effective Human-Computer Interaction. Pearson Education, London (2016)
Ackerman, M.S.: The intellectual challenge of CSCW: the gap between social requirements and technical feasibility. Hum.-Comput. Interact. 15(2–3), 179–204 (2000)
Richards, K.E.: Risk analysis of the discoverability of personal data used for primary and secondary authentication. University of Maryland Baltimore County, MD, USA (2017)
Reeder, R., Schechter, S.: When the password doesn’t work: secondary authentication for websites. IEEE Secur. Priv. 9(2), 43–49 (2011)
Bush, V.: As we may think. Atlantic Monthly, pp. 101–108 (1945)
MacKenzie, I.S.: Human-computer interaction: An empirical research perspective. Elsevier, New York (2013)
Simon, H.A.: Bounded rationality. In: Utility and Probability, pp. 15–18. Springer (1990)
Acquisti, A., Grossklags, J.: Privacy and rationality in individual decision making. IEEE Secur. Priv. 3(1), 26–33 (2005)
Dinev, T., Hart, P.: An extended privacy calculus model for e-commerce transactions. Inf. Syst. Res. 17(1), 61–80 (2006)
Thomas, J.C., Richards, J.T.: Achieving psychological simplicity: Measures and methods to reduce cognitive complexity. Hum.-Comput. Interact.: Des. Issues Solut. Appl. 161, 489–508 (2009)
Nielsen, J.: Ten usability heuristics (2005). http://www.nngroup.com/articles/ten-usability-heuristics/. Accessed
Miller, G.: The magical number seven, plus or minus two: some limits on our capacity for processing information. Psychol. Rev. 101(2), 343–352 (1955)
Olson, G.M., Olson, J.S.: Research on computer supported cooperative work. In: Handbook of Human-Computer Interaction, pp. 1433–1456. Elsevier (1997)
Tan, Q., Pivot, F.: Big data privacy: changing perception of privacy. In: 2015 IEEE International Conference on Smart City/SocialCom/SustainCom (SmartCity). IEEE (2015)
Lederer, S., Dey, A.K., Mankoff, J.: Everyday privacy in ubiquitous computing environments. In: Ubicomp 2002 Workshop on Socially-Informed Design of Privacy-Enhancing Solutions in Ubiquitous Computing (2002)
Wilkinson, D., et al.: Privacy at a glance: the user-centric design of glanceable data exposure visualizations. Proc. Priv. Enhancing Technol. 2020(2), 416–435 (2020)
Moor, A., Aakhus, M.: Argumentation support: from technologies to tools. Commun. ACM 49(3), 93–98 (2006)
McDonald, A.M., Cranor, L.F.: The cost of reading privacy policies. J. Law Policy Inf. Soc. 4, 543 (2008)
Wen, Z.A., et al.: What.Hack: learn phishing email defence the fun way. In: Proceedings of the 2017 CHI Conference Extended Abstracts on Human Factors in Computing Systems (2017)
Richtel, M., Kopytoff, V.G.: E-mail fraud hides behind friendly face. The New York Times, p. 2 (2011)
Zurko, M.E.: User-centered security: stepping up to the grand challenge. In: 21st Annual Computer Security Applications Conference (ACSAC 2005). IEEE (2005)
Halevi, T., Memon, N., Nov, O.: Spear-phishing in the wild: a real-world study of personality, phishing self-efficacy and vulnerability to spear-phishing attacks (2 January 2015)
Alashoor, T., Al-Maidani, N., Al-Jabri, I.: The privacy calculus under positive and negative mood states (2018)
Maslow, A., Lewis, K.J.: Maslow’s hierarchy of needs. Salenger Inc. 14, 987 (1987)
Olson, D.A., Liu, J., Shultz, K.S.: The influence of Facebook usage on perceptions of social support, personal efficacy, and life satisfaction. J. Organ. Psychol. 12(3/4), 133–144 (2012)
Bonneau, J., et al.: The quest to replace passwords: A framework for comparative evaluation of web authentication schemes, pp. 553–567 (2012)
Brown, A.S., et al.: Generating and remembering passwords. Appl. Cogn. Psychol. 18(6), 641–651 (2004)
Grawemeyer, B., Johnson, H.: Using and managing multiple passwords: a week to a view. Interact. Comput. 23(3), 256–267 (2011)
Vila, T., Greenstadt, R., Molnar, D.: Why we can’t be bothered to read privacy policies: models of privacy economics as a lemons market. In: Proceedings of the 5th International Conference on Electronic Commerce (2003)
Bada, M., Sasse, A.M., Nurse, J.R.: Cyber security awareness campaigns: Why do they fail to change behaviour? arXiv preprint arXiv:1901.02672 (2019)
Wood, W., Neal, D.T.: A new look at habits and the habit-goal interface. Psychol. Rev. 114(4), 843 (2007)
Lally, P., Gardner, B.: Promoting habit formation. Health Psychol. Rev. 7(sup1), S137–S158 (2013)
Copyright information
© 2020 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this paper
Richards, K.E. (2020). Habituation: A Possible Mitigation of a Wicked Problem. In: Corradini, I., Nardelli, E., Ahram, T. (eds) Advances in Human Factors in Cybersecurity. AHFE 2020. Advances in Intelligent Systems and Computing, vol 1219. Springer, Cham. https://doi.org/10.1007/978-3-030-52581-1_13
DOI: https://doi.org/10.1007/978-3-030-52581-1_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-52580-4
Online ISBN: 978-3-030-52581-1
eBook Packages: Engineering, Engineering (R0)