Digital security technology is able to identify and prevent many threats to users accounts. However, some threats remain that, to provide reliable security, require human intervention: e.g., through users paying attention to warning messages or completing secondary authentication procedures. While prior work has broadly explored people's mental models of digital security threats, we know little about users' precise, in-the-moment response process to in-the-wild threats. In this work, we conduct a series of qualitative interviews (n=67) with users who had recently experienced suspicious login incidents on their real Facebook accounts in order to explore this process of account security incident response. We find a common process across participants from five countries -- with differing online and offline cultures -- allowing us to identify areas for future technical development to best support user security. We provide additional insights on the unique nature of incident-response information seeking, known attacker threat models, and lessons learned from a large, cross-cultural qualitative study of digital security.
翻译:数字安全技术能够识别和防止用户账户面临的许多威胁,然而,一些威胁仍然存在,为了提供可靠的安全,需要人干预:例如,通过用户关注警告信息或完成二级认证程序。虽然先前的工作广泛探索了人们对数字安全威胁的心理模式,但我们对用户准确的、即时应对当前威胁的过程知之甚少。在这项工作中,我们与最近在其真实脸书账户上遇到可疑登录事件的用户进行了一系列定性访谈(n=67),以探索账户安全事件应对过程。我们发现来自五个国家(具有不同在线和离线文化)的参与者有一个共同进程,使我们能够确定未来技术发展的领域,以最好地支持用户安全。我们就事件应对信息的独特性质、已知攻击者威胁模式以及从大规模、跨文化的数字安全定性研究中吸取的经验教训提供了更多见解。