{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,3]],"date-time":"2026-05-03T03:01:56Z","timestamp":1777777316563,"version":"3.51.4"},"reference-count":276,"publisher":"Emerald","issue":"1-2","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022,12,31]]},"abstract":"How can we encourage end-user acceptance of expert recommended cybersecurity and privacy (S&P) behaviors? We review prior art in human-centered S&P and identified three barriers to end-user acceptance of expert recommendations: (1) awareness: i.e., people may not know of relevant security threats and appropriate mitigation measures; (2) motivation: i.e., people may be unwilling to enact S&P behaviors because, e.g., the perceived costs are too high, and (3) ability; i.e., people may not know when, why, and how to effectively implement S&P behaviors. These three barriers make up what we call the \u00e2\u20ac\u0153Security & Privacy Acceptance Framework\u00e2\u20ac&#x9d; (SPAF). We then review and critically analyze prior work that has explored mitigating one or more of the barriers that make up the SPAF. Finally, using the SPAF as a lens, we discuss how the human-centered S&P community might re-orient to encourage widespread end-user acceptance of pro-S&P behaviors by employing integrative approaches that address each one of the awareness, motivation, and ability barriers.<\/jats:p>","DOI":"10.1561\/3300000026","type":"journal-article","created":{"date-parts":[[2022,12,30]],"date-time":"2022-12-30T03:40:47Z","timestamp":1672371647000},"page":"1-143","source":"Crossref","is-referenced-by-count":12,"title":["The Security & Privacy Acceptance Framework (SPAF)"],"prefix":"10.1108","volume":"5","author":[{"given":"Sauvik","family":"Das","sequence":"first","affiliation":[{"name":"Carnegie Mellon University ,","place":["USA"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Cori","family":"Faklaris","sequence":"additional","affiliation":[{"name":"University of North Carolina , ,","place":["Charlotte, USA"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jason I.","family":"Hong","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University ,","place":["USA"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Laura A.","family":"Dabbish","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University ,","place":["USA"]}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"140","published-online":{"date-parts":[[2022,12,31]]},"reference":[{"key":"2026033014311676100_ref001","doi-asserted-by":"crossref","first-page":"2473","DOI":"10.1145\/3319535.3363192","article-title":"Let\u2019s Encrypt: an automated certificate authority to encrypt the entire web","volume-title":"Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security.","author":"Aas","year":"2019"},{"key":"2026033014311676100_ref002","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1109\/SecDev.2016.013","article-title":"You are not your developer, either: A research agenda for usable security and privacy research beyond end users","volume-title":"2016 IEEE Cybersecurity Development (SecDev):","author":"Acar","year":"2016"},{"issue":"2-3","key":"2026033014311676100_ref003","doi-asserted-by":"crossref","first-page":"179","DOI":"10.1207\/S15327051HCI1523_5","article-title":"The intellectual challenge of CSCW: the gap between social requirements and technical feasibility","volume":"15","author":"Ackerman","year":"2000","journal-title":"Human-Computer Interaction."},{"issue":"3","key":"2026033014311676100_ref004","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3054926","article-title":"Nudges for privacy and security: Understanding and assisting users\u2019 choices online","volume":"50","author":"Acquisti","year":"2017","journal-title":"ACM Computing Surveys (CSUR)."},{"key":"2026033014311676100_ref005","doi-asserted-by":"crossref","first-page":"509","DOI":"10.1126\/science.aaa1465","article-title":"Privacy and human behavior in the age of information","author":"Acquisti","year":"2015","journal-title":"Science."},{"issue":"1","key":"2026033014311676100_ref006","doi-asserted-by":"crossref","first-page":"26","DOI":"10.1109\/MSP.2005.22","article-title":"Privacy and rationality in individual decision making","volume":"3","author":"Acquisti","year":"2005","journal-title":"IEEE security & privacy."},{"issue":"12","key":"2026033014311676100_ref007","doi-asserted-by":"publisher","first-page":"40","DOI":"10.1145\/322796.322806","article-title":"Users are not the enemy","volume":"42","author":"Adams","year":"1999","journal-title":"Communications of the ACM (CACM)."},{"key":"2026033014311676100_ref008","doi-asserted-by":"crossref","DOI":"10.1108\/ICS-11-2016-0085","article-title":"Measuring attitude towards personal data for adaptive cybersecurity","volume-title":"Information & Computer Security","author":"Addae","year":"2017"},{"issue":"2","key":"2026033014311676100_ref009","doi-asserted-by":"crossref","first-page":"179","DOI":"10.1016\/0749-5978(91)90020-T","article-title":"The theory of planned behavior","volume":"50","author":"Ajzen","year":"1991","journal-title":"Organizational behavior and human decision processes."},{"key":"2026033014311676100_ref010","first-page":"257","article-title":"Alice in warningland: a large-scale field study of browser security warning effectiveness","volume-title":"Proc. USENIX Sec\u201913.","author":"Akhawe","year":"2013"},{"key":"2026033014311676100_ref011","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3512904","article-title":"From Parental Control to Joint Family Oversight: Can Parents and Teens Manage Mobile Online Safety and Privacy as Equals?","volume":"6","author":"Akter","year":"2022","journal-title":"Proceedings of the ACM on Human-Computer Interaction."},{"key":"2026033014311676100_ref012","doi-asserted-by":"crossref","first-page":"787","DOI":"10.1145\/2702123.2702210","article-title":"Your location has been shared 5,398 times! A field study on mobile app privacy nudging","volume-title":"Proceedings of the 33rd annual ACM conference on human factors in computing systems.","author":"Almuhimedi","year":"2015"},{"issue":"2","key":"2026033014311676100_ref013","first-page":"660","article-title":"A review of using gaming technology for cyber-security awareness","volume":"6","author":"Alotaibi","year":"2016","journal-title":"Int. J. Inf. Secur. Res.(IJISR)."},{"key":"2026033014311676100_ref014","doi-asserted-by":"crossref","first-page":"129","DOI":"10.23919\/ICITST.2017.8356361","article-title":"Enhancing cyber security awareness with mobile games","author":"Alotaibi","year":"2017","journal-title":"2017 12th International Conference for Internet Technology and Secured Transactions (ICITST)."},{"issue":"2","key":"2026033014311676100_ref015","doi-asserted-by":"crossref","first-page":"121","DOI":"10.3390\/info11020121","article-title":"Design and evaluation of an augmented reality game for cybersecurity awareness (cybar)","volume":"11","author":"Alqahtani","year":"2020","journal-title":"Information."},{"key":"2026033014311676100_ref016","doi-asserted-by":"crossref","first-page":"125","DOI":"10.1109\/VECIMS.2006.250805","article-title":"A novel 3D graphical password schema","author":"Alsulaiman","year":"2006","journal-title":"2006 IEEE Symposium on Virtual Environments, Human-Computer Interfaces and Measurement Systems."},{"issue":"9","key":"2026033014311676100_ref017","doi-asserted-by":"crossref","first-page":"1929","DOI":"10.1109\/TIM.2008.919905","article-title":"Three-dimensional password for more secure authentication","volume":"57","author":"Alsulaiman","year":"2008","journal-title":"IEEE Transactions on Instrumentation and measurement."},{"key":"2026033014311676100_ref018","doi-asserted-by":"crossref","first-page":"2883","DOI":"10.1145\/2702123.2702322","article-title":"How polymorphic warnings reduce habituation in the brain: Insights from an fMRI study","volume-title":"Proceedings of the 33rd annual ACM conference on human factors in computing systems.","author":"Anderson","year":"2015"},{"key":"2026033014311676100_ref019","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3290605.3300519","article-title":"\u2018Think secure from the beginning\u2019 A Survey with Software Developers","volume-title":"Proceedings of the 2019 CHI conference on human factors in computing systems.","author":"Assal","year":"2019"},{"key":"2026033014311676100_ref020","article-title":"Americans and privacy: Concerned, confused and feeling lack of control over their personal information","volume":"15","author":"Auxier","year":"2019","journal-title":"Pew Research Center: Internet, Science & Tech (blog)"},{"key":"2026033014311676100_ref021","doi-asserted-by":"crossref","first-page":"159","DOI":"10.1145\/2384916.2384945","article-title":"Pass-Chords: secure multi-touch authentication for blind people","author":"Azenkot","year":"2012","journal-title":"Proceedings of the 14th international ACM SIGACCESS conference on Computers and accessibility."},{"key":"2026033014311676100_ref022","article-title":"Cyber security awareness campaigns: Why do they fail to change behaviour?","author":"Bada","year":"2019","journal-title":"arXiv preprint arXiv:1901.02672."},{"issue":"3","key":"2026033014311676100_ref023","doi-asserted-by":"crossref","first-page":"30","DOI":"10.1109\/MIC.2017.57","article-title":"Balancing security and usability in encrypted email","volume":"21","author":"Bai","year":"2017","journal-title":"IEEE Internet Computing."},{"key":"2026033014311676100_ref024","doi-asserted-by":"crossref","first-page":"49","DOI":"10.1145\/2971648.2971722","article-title":"UniPass: design and evaluation of a smart device-based password manager for visually impaired users","author":"Barbosa","year":"2016","journal-title":"Proceedings of the 2016 ACM International Joint Conference on Pervasive and Ubiquitous Computing."},{"key":"2026033014311676100_ref025","doi-asserted-by":"crossref","first-page":"64","DOI":"10.1145\/1280680.1280689","article-title":"Lessons learned from the deployment of a smartphone-based access- control system","author":"Bauer","year":"2007","journal-title":"Proceedings of the 3rd Symposium on Usable Privacy and Security."},{"key":"2026033014311676100_ref026","doi-asserted-by":"publisher","DOI":"10.1145\/1595676.1595684","volume-title":"Proceedings of the 2008 workshop on New security paradigms - NSPW \u201808.","author":"Beautement","year":"2008"},{"key":"2026033014311676100_ref027","article-title":"Ipfs-content addressed, versioned, p2p file system","author":"Benet","year":"2014","journal-title":"arXiv preprint arXiv:1407.3561."},{"key":"2026033014311676100_ref028","first-page":"769","article-title":"The New State of Surveillance: Societies of Subjugation","volume":"79","author":"Beydoun","year":"2022","journal-title":"Wash. & Lee L. Rev."},{"key":"2026033014311676100_ref029","doi-asserted-by":"crossref","DOI":"10.14722\/usec.2015.23003","article-title":"Biometric authentication on iphone and android: Usability, perceptions, and influences on adoption","author":"Bhagavatula","year":"2015"},{"issue":"4","key":"2026033014311676100_ref030","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/2333112.2333114","article-title":"Graphical passwords: Learning from the first twelve years","volume":"44","author":"Biddle","year":"2012","journal-title":"ACM Computing Surveys (CSUR)."},{"key":"2026033014311676100_ref031","doi-asserted-by":"crossref","first-page":"1829","DOI":"10.1145\/1518701.1518983","article-title":"Evaluating existing audio CAPTCHAs and an interface optimized for non-visual use","author":"Bigham","year":"2009","journal-title":"Proceedings of the SIGCHI conference on human factors in computing systems."},{"key":"2026033014311676100_ref032","article-title":"Spaced repetition and mnemonics enable recall of multiple strong passwords","author":"Blocki","year":"2014","journal-title":"arXiv preprint arXiv:1410.1490."},{"key":"2026033014311676100_ref033","first-page":"1","article-title":"Privacy suites: shared privacy for social networks.","volume":"9","author":"Bonneau","year":"2009","journal-title":"SOUPS."},{"key":"2026033014311676100_ref034","doi-asserted-by":"crossref","first-page":"553","DOI":"10.1109\/SP.2012.44","article-title":"The quest to replace passwords: A framework for comparative evaluation of web authentication schemes","author":"Bonneau","year":"2012","journal-title":"2012 IEEE symposium on security and privacy."},{"key":"2026033014311676100_ref035","first-page":"607","article-title":"Towards reliable storage of 56-bit secrets in human memory","author":"Bonneau","year":"2014","journal-title":"23rd USENIX Security Symposium (USENIX Security 14)."},{"key":"2026033014311676100_ref036","first-page":"168","article-title":"Fourth-factor authentication: somebody you know","author":"Brainard","year":"2006","journal-title":"Proceedings of the 13th ACM conference on Computer and communications security."},{"key":"2026033014311676100_ref037","article-title":"Your Attention Please: Designing security-decision UIs to make genuine risks harder to ignore","author":"Bravo-Lillo","year":"2013","journal-title":"Proc. SOUPS\u201913."},{"key":"2026033014311676100_ref038","author":"Browne","year":"2015"},{"issue":"2","key":"2026033014311676100_ref039","doi-asserted-by":"crossref","first-page":"157","DOI":"10.1002\/asi.20459","article-title":"Development of measures of online privacy concern and protection for use on the Internet","volume":"58","author":"Buchanan","year":"2007","journal-title":"Journal of the American society for information science and technology."},{"key":"2026033014311676100_ref040","article-title":"Gender shades: Intersectional accuracy disparities in commercial gender classification","author":"Buolamwini","year":"2018","journal-title":"Conference on fairness, accountability and transparency."},{"key":"2026033014311676100_ref041","article-title":"Replication: no one can hack my mind revisiting a study on expert and non-expert security practices and advice","author":"Busse","year":"2019","journal-title":"Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019)."},{"key":"2026033014311676100_ref042","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3359206","article-title":"Hello AI: uncovering the onboarding needs of medical practitioners for human-AI collaborative decision-making","volume":"3","author":"Cai","year":"2019","journal-title":"Proceedings of the ACM on Human-computer Interaction."},{"key":"2026033014311676100_ref043","doi-asserted-by":"crossref","DOI":"10.1108\/MAJ-11-2017-1693","article-title":"Ascribing responsibility for online security and data breaches","volume-title":"Managerial Auditing Journal.","author":"Carre","year":"2018"},{"key":"2026033014311676100_ref044","article-title":"Face-off: Adversarial face obfuscation","volume-title":"arXiv preprint arXiv:2003.08861.","author":"Chandrasekaran","year":"2020"},{"key":"2026033014311676100_ref045","doi-asserted-by":"crossref","first-page":"441","DOI":"10.1109\/SP.2018.00061","article-title":"The spyware used in intimate partner violence","volume-title":"2018 IEEE Symposium on Security and Privacy (SP).","author":"Chatterjee","year":"2018"},{"key":"2026033014311676100_ref046","doi-asserted-by":"crossref","first-page":"1737","DOI":"10.1145\/3357236.3395522","article-title":"Hacked Time: Design and Evaluation of a Self-Efficacy Based Cybersecurity Game","volume-title":"Proceedings of the 2020 ACM Designing Interactive Systems Conference.","author":"Chen","year":"2020"},{"key":"2026033014311676100_ref047","article-title":"LowKey: leveraging adversarial attacks to protect social media users from facial recognition","volume-title":"arXiv preprint arXiv:2101.07922.","author":"Cherepanova","year":"2021"},{"key":"2026033014311676100_ref048","first-page":"1753","article-title":"Deep fakes: A looming challenge for privacy, democracy, and national security","volume":"107","author":"Chesney","year":"2019","journal-title":"Calif. L. Rev."},{"key":"2026033014311676100_ref049","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3359248","article-title":"Co-designing for community oversight: Helping people make privacy and security decisions together","volume":"3","author":"Chouhan","year":"2019","journal-title":"Proceedings of the ACM on Human-Computer Interaction."},{"key":"2026033014311676100_ref050","author":"Cialdini","year":"1987","journal-title":"Influence."},{"key":"2026033014311676100_ref051","first-page":"169","article-title":"Phishy-a serious game to train enterprise users on phishing awareness","author":"Pandit","year":"2018","journal-title":"Proceedings of the 2018 annual symposium on computer-human interaction in play companion extended abstracts."},{"key":"2026033014311676100_ref052","doi-asserted-by":"crossref","DOI":"10.21606\/drs.2018.679","article-title":"Design justice: Towards an intersectional feminist framework for design theory and practice","volume-title":"Proceedings of the Design Research Society.","author":"Costanza-Chock","year":"2018"},{"key":"2026033014311676100_ref053","article-title":"A framework for reasoning about the human in the loop","author":"Cranor","year":"2008"},{"issue":"6","key":"2026033014311676100_ref054","doi-asserted-by":"crossref","first-page":"50","DOI":"10.1109\/MSECP.2003.1253568","article-title":"P3P: Making privacy policies more useful","volume":"1","author":"Cranor","year":"2003","journal-title":"IEEE Security & Privacy."},{"key":"2026033014311676100_ref055","article-title":"Leveraging competitive gamification for sustainable fun and profit in security education","author":"Dabrowski","year":"2015","journal-title":"2015 USENIX Summit on Gaming, Games, and Gamification in Security Education (3GSE 15)."},{"issue":"3","key":"2026033014311676100_ref056","doi-asserted-by":"crossref","first-page":"35","DOI":"10.1109\/MPRV.2018.03367733","article-title":"Personalized privacy assistants for the internet of things: Providing users with notice and choice","volume":"17","author":"Das","year":"2018","journal-title":"IEEE Pervasive Computing."},{"issue":"5","key":"2026033014311676100_ref057","doi-asserted-by":"crossref","first-page":"237","DOI":"10.1515\/itit-2016-0008","article-title":"Social cybersecurity: Understanding and leveraging social influence to increase security sensitivity","volume":"58","author":"Das","year":"2016","journal-title":"it-Information Technology."},{"key":"2026033014311676100_ref058","volume-title":"PhD thesis.","author":"Das","year":"2017"},{"key":"2026033014311676100_ref059","first-page":"97","article-title":"A Typology of Perceived Triggers for End-User Security and Privacy Behaviors","author":"Das","year":"2019","journal-title":"Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019)."},{"key":"2026033014311676100_ref060","doi-asserted-by":"crossref","first-page":"211","DOI":"10.1145\/2493432.2493453","article-title":"Exploring capturable everyday memory for autobiographical authentication","author":"Das","year":"2013","journal-title":"Proceedings of the 2013 ACM international joint conference on Pervasive and ubiquitous computing."},{"key":"2026033014311676100_ref061","doi-asserted-by":"crossref","DOI":"10.14722\/usec.2016.23010","article-title":"Testing Computer-Aided Mnemonics and Feedback for Fast Memorization of High-Value Secrets","author":"Das","year":"2016","journal-title":"2016 Usable Security (USEC) Workshop."},{"key":"2026033014311676100_ref062","first-page":"143","article-title":"the effect of social influence on security sensitivity","author":"Das","year":"2014","journal-title":"10th Symposium On Usable Privacy and Security (SOUPS 2014)."},{"key":"2026033014311676100_ref063","doi-asserted-by":"publisher","first-page":"739","DOI":"10.1145\/2660267.2660271","volume-title":"Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (CCS \u201814).","author":"Das","year":"2014"},{"key":"2026033014311676100_ref064","doi-asserted-by":"crossref","first-page":"1416","DOI":"10.1145\/2675133.2675225","article-title":"The role of social influence in security feature adoption","author":"Das","year":"2015","journal-title":"Proceedings of the 18th ACM conference on computer supported cooperative work & social computing."},{"key":"2026033014311676100_ref065","doi-asserted-by":"crossref","first-page":"3764","DOI":"10.1145\/3025453.3025991","article-title":"Thumprint: Socially-inclusive local group authentication through shared secret knocks","author":"Das","year":"2017","journal-title":"Proceedings ofthe 2017 chi conference on human factors in computing systems."},{"key":"2026033014311676100_ref066","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3173574.3173575","volume-title":"Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems - CHI \u201818.","author":"Das","year":"2018"},{"key":"2026033014311676100_ref067","doi-asserted-by":"crossref","first-page":"1109","DOI":"10.1145\/3332165.3347917","article-title":"The memory palace: Exploring visual-spatial paths for strong, memorable, infrequent authentication","volume-title":"Proceedings of the 32nd Annual ACM Symposium on User Interface Software and Technology.","author":"Das","year":"2019"},{"key":"2026033014311676100_ref068","doi-asserted-by":"crossref","first-page":"319","DOI":"10.2307\/249008","article-title":"Perceived usefulness, perceived ease of use, and user acceptance of information technology","author":"Davis","year":"1989","journal-title":"MIS quarterly:"},{"key":"2026033014311676100_ref069","first-page":"915","article-title":"Control-Alt-Hack: the design and evaluation of a card game for computer security awareness and education","author":"Denning","year":"2013","journal-title":"Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security."},{"key":"2026033014311676100_ref070","doi-asserted-by":"publisher","first-page":"581","DOI":"10.1145\/1124772.1124861","volume-title":"Proc. CHI \u201806.","author":"Dhamija","year":"2006"},{"key":"2026033014311676100_ref071","doi-asserted-by":"publisher","first-page":"101","DOI":"10.1145\/1073001.1073011","volume-title":"Proc. SOUPS \u201805.","author":"DiGioia","year":"2005"},{"key":"2026033014311676100_ref072","doi-asserted-by":"crossref","first-page":"45","DOI":"10.1145\/3442167.3442173","article-title":"the framework of security-enhancing friction: How UX can help users behave more securely","volume-title":"New security paradigms workshop 2020.","author":"Distler","year":"2020"},{"key":"2026033014311676100_ref073","doi-asserted-by":"crossref","first-page":"125","DOI":"10.1145\/3461778.3462027","article-title":"Spidey Sense: Designing Wrist-Mounted Affective Haptics for Communicating Cybersecurity Warnings","author":"Do","year":"2021","journal-title":"Designing Interactive Systems Conference 2021."},{"issue":"4","key":"2026033014311676100_ref074","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3494983","article-title":"Smart Webcam Cover: Exploring the Design of an Intelligent Webcam Cover to Improve Usability and Trust","volume":"5","author":"Do","year":"2021","journal-title":"Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies."},{"key":"2026033014311676100_ref075","doi-asserted-by":"crossref","DOI":"10.1145\/3472749.3477980","article-title":"Bit Whisperer: Improving Access Control over Ad-hoc, Short-range, Wireless Communications via Surface-bound Acoustics","author":"Do","year":"2021","journal-title":"Proceedings ofthe 34th ACM User Interface Software and Technology Symposium (UIST)."},{"issue":"1","key":"2026033014311676100_ref076","doi-asserted-by":"crossref","first-page":"73","DOI":"10.1016\/j.cose.2006.10.009","article-title":"Phishing for user security awareness","volume":"26","author":"Dodge","year":"2007","journal-title":"computers & security."},{"issue":"3","key":"2026033014311676100_ref077","doi-asserted-by":"crossref","first-page":"319","DOI":"10.1207\/s15327051hci2103_2","article-title":"Collective information practice: Exploring privacy and security as social and cultural phenomena","volume":"21","author":"Dourish","year":"2006","journal-title":"Human-computer interaction."},{"issue":"6","key":"2026033014311676100_ref078","doi-asserted-by":"publisher","first-page":"391","DOI":"10.1007\/s00779-004-0308-5","article-title":"Security in the wild: user strategies for managing security as an everyday, practical problem","volume":"8","author":"Dourish","year":"2004","journal-title":"Personal and Ubiquitous Computing."},{"key":"2026033014311676100_ref079","first-page":"1","article-title":"Effects of peer feedback on password strength","author":"Dupuis","year":"2018","journal-title":"2018 APWG Symposium on Electronic Crime Research (eCrime)."},{"key":"2026033014311676100_ref080","doi-asserted-by":"crossref","first-page":"33","DOI":"10.1145\/1600176.1600182","author":"Edwards","year":"2008","journal-title":"Proceedings of the 2007 Workshop on New Security Paradigms."},{"key":"2026033014311676100_ref081","first-page":"669","article-title":"Family accounts: A new paradigm for user accounts within the home environment","author":"Egelman","year":"2008","journal-title":"Proceedings ofthe 2008 ACM conference on Computer supported cooperative work."},{"key":"2026033014311676100_ref082","doi-asserted-by":"crossref","first-page":"1065","DOI":"10.1145\/1357054.1357219","article-title":"You\u2019ve been warned: an empirical study of the effectiveness of web browser phishing warnings","author":"Egelman","year":"2008","journal-title":"Proceedings of the SIGCHI Conference on Human Factors in Computing Systems."},{"key":"2026033014311676100_ref083","article-title":"Please Continue to Hold: An empirical study on user tolerance of security delays","author":"Egelman","year":"2010","journal-title":"Proc. WEIS\u201910."},{"key":"2026033014311676100_ref084","doi-asserted-by":"crossref","first-page":"2873","DOI":"10.1145\/2702123.2702249","article-title":"Scaling the security wall: Developing a security behavior intentions scale (sebis)","volume-title":"Proceedings of the 33rd annual ACM conference on human factors in computing systems.","author":"Egelman","year":"2015"},{"key":"2026033014311676100_ref085","doi-asserted-by":"crossref","DOI":"10.1145\/2841113.2841115","article-title":"The myth of the average user: Improving privacy and security systems through individualization","volume":"1628","author":"Egelman","year":"2015","journal-title":"Proceedings of the 2015 New Security Paradigms Workshop."},{"key":"2026033014311676100_ref086","doi-asserted-by":"crossref","first-page":"2379","DOI":"10.1145\/2470654.2481329","article-title":"\u201cDoes my password go up to eleven?","author":"Egelman","year":"2013","journal-title":"Proceedings ofthe SIGCHI Conference on Human Factors in Computing Systems."},{"key":"2026033014311676100_ref087","volume-title":"PhD thesis.","author":"Faklaris","year":"2022"},{"key":"2026033014311676100_ref088","article-title":"\u201cDo They Accept or Resist Cybersecurity Measures?","author":"Faklaris","year":"2022","journal-title":"arXiv preprint arXiv:2204.03114."},{"key":"2026033014311676100_ref089","first-page":"61","author":"Faklaris","year":"2019","journal-title":"Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019)."},{"key":"2026033014311676100_ref090","first-page":"111","article-title":"Blind and Human: Exploring More Usable Audio CAPTCHA Designs","author":"Fanelle","year":"2020","journal-title":"Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020)."},{"key":"2026033014311676100_ref091","first-page":"1","article-title":"Iris: A conversational agent for complex tasks","author":"Fast","year":"2018","journal-title":"Proceedings of the 2018 CHI conference on human factors in computing systems."},{"key":"2026033014311676100_ref092","first-page":"2893","article-title":"Improving SSL warnings: Comprehension and adherence","author":"Felt","year":"2015","journal-title":"Proceedings of the 33rd annual ACM conference on human factors in computing systems."},{"key":"2026033014311676100_ref093","doi-asserted-by":"crossref","first-page":"2667","DOI":"10.1145\/2556288.2557292","article-title":"Experimenting at scale with google chrome\u2019s SSL warning","author":"Felt","year":"2014","journal-title":"Proceedings ofthe SIGCHI conference on human factors in computing systems."},{"issue":"1","key":"2026033014311676100_ref094","first-page":"54","article-title":"Fostering e-mail security awareness: The West Point carronade","volume":"28","author":"Ferguson","year":"2005","journal-title":"Educause Quarterly."},{"key":"2026033014311676100_ref095","article-title":"A theory of reasoned action: some applications and implications.","author":"Fishbein","year":"1979"},{"issue":"2","key":"2026033014311676100_ref096","article-title":"Belief, attitude, intention, and behavior: An introduction to theory and research","volume":"10","author":"Fishbein","year":"1977","journal-title":"Philosophy and Rhetoric."},{"key":"2026033014311676100_ref097","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/1541948.1541999","article-title":"A behavior model for persuasive design","volume-title":"Proceedings ofthe 4th International Conference on Persuasive Technology -Persuasive \u201809.","author":"Fogg","year":"2009"},{"key":"2026033014311676100_ref098","first-page":"1","article-title":"Building the security behavior observatory: An infrastructure for long-term monitoring of client machines","author":"Forget","year":"2014","journal-title":"Proceedings of the 2014 Symposium and Bootcamp on the Science ofSecurity."},{"key":"2026033014311676100_ref099","first-page":"1","article-title":"A promise is a promise: the effect of commitment devices on computer security intentions","author":"Frik","year":"2019","journal-title":"Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems."},{"key":"2026033014311676100_ref100","first-page":"21","article-title":"Privacy and security threat models and mitigation strategies of older adults","author":"Frik","year":"2019","journal-title":"Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019)."},{"issue":"1","key":"2026033014311676100_ref101","doi-asserted-by":"crossref","first-page":"27","DOI":"10.1016\/j.cose.2005.12.004","article-title":"The challenges of undersatnding and using security: A survey of end-users","volume":"25","author":"Furnell","year":"2006","journal-title":"Computers & Security."},{"key":"2026033014311676100_ref102","doi-asserted-by":"publisher","first-page":"591","DOI":"10.1145\/1124772.1124862","volume-title":"Proceedings of the SIGCHI conference on Human Factors in computing systems (CHI \u201806).","author":"Gaw","year":"2006"},{"key":"2026033014311676100_ref103","doi-asserted-by":"crossref","first-page":"277","DOI":"10.1109\/VR.2019.8797862","article-title":"Investigating the third dimension for authentication in immersive virtual reality and in the real world","volume-title":"2019 ieee conference on virtual reality and 3d user interfaces (vr).","author":"George","year":"2019"},{"key":"2026033014311676100_ref104","first-page":"1","article-title":"Challenges in supporting end-user privacy and security management with social navigation","author":"Goecks","year":"2009","journal-title":"Proceedings ofthe 5th Symposium on Usable Privacy and Security."},{"issue":"2","key":"2026033014311676100_ref105","doi-asserted-by":"crossref","first-page":"39","DOI":"10.1145\/293411.293443","article-title":"Onion routing","volume":"42","author":"Goldschlag","year":"1999","journal-title":"Communications ofthe ACM."},{"key":"2026033014311676100_ref106","first-page":"109","article-title":"Driving 2FA Adoption at Scale: Optimizing Two-Factor Authentication Notification Design Patterns","author":"Golla","year":"2021","journal-title":"30th USENIX Security Symposium (USENIX Security 21)."},{"issue":"5","key":"2026033014311676100_ref107","doi-asserted-by":"crossref","first-page":"40","DOI":"10.1109\/MSP.2016.111","article-title":"Developers are not the enemy!: The need for usable security apis","volume":"14","author":"Green","year":"2016","journal-title":"IEEE Security & Privacy."},{"key":"2026033014311676100_ref108","first-page":"673","article-title":"VaultIME: Regaining User Control for Password Managers through Auto-correction","volume-title":"International Conference on Security and Privacy in Communication Systems.","author":"Guan","year":"2017"},{"key":"2026033014311676100_ref109","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3173574.3173688","article-title":"\u201cKeeping a low profile?","volume-title":"Proceedings of the 2018 CHI conference on human factors in computing systems.","author":"Guberek","year":"2018"},{"key":"2026033014311676100_ref110","first-page":"3","article-title":"Security administrators: A breed apart","volume-title":"SOUPS USM:","author":"Haber","year":"2007"},{"issue":"4","key":"2026033014311676100_ref111","doi-asserted-by":"crossref","first-page":"375380","DOI":"10.1080\/17437199.2016.1244647","article-title":"Non-conscious processes and dual-process theories in health psychology","volume":"10","author":"Hagger","year":"2016","journal-title":"Health Psychology Review."},{"issue":"1","key":"2026033014311676100_ref112","doi-asserted-by":"crossref","first-page":"30","DOI":"10.1109\/MPRV.2008.16","article-title":"Security and privacy for implantable medical devices","volume":"7","author":"Halperin","year":"2008","journal-title":"IEEE pervasive computing."},{"key":"2026033014311676100_ref113","first-page":"411","article-title":"\u201cIt\u2019s the Company, the Government, You and I\u201d: User Perceptions of Responsibility for Smart Home Privacy and Security","author":"Haney","year":"2021","journal-title":"30th USENIX Security Symposium (USENIX Security 21)."},{"key":"2026033014311676100_ref114","first-page":"1383","article-title":"I know what you did last week! do you? dynamic security questions for fallback authentication on smartphones","author":"Hang","year":"2015","journal-title":"Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems."},{"key":"2026033014311676100_ref115","first-page":"163","article-title":"Privacy policies, terms of service, and FTC enforcement: Broadening unfairness regulation for a new era","volume":"19","author":"Hans","year":"2012","journal-title":"Mich. Telecomm. & Tech. L. Rev."},{"issue":"2","key":"2026033014311676100_ref116","doi-asserted-by":"crossref","DOI":"10.22230\/cjc.2017v42n2a3176","article-title":"Old dogs, new clicks: Digital inequality in skills and uses among older adults.","volume":"42","author":"Hargittai","year":"2017","journal-title":"Canadian Journal of Communication."},{"key":"2026033014311676100_ref117","first-page":"22","article-title":"The scope and potential of FTC data protection","volume-title":"Geo. Wash. L. Rev.","author":"Hartzog","year":"2014"},{"key":"2026033014311676100_ref118","first-page":"105","article-title":"Clinical computer security for victims of intimate partner violence","author":"Havron","year":"2019","journal-title":"28th USENIX Security Symposium (USENIX Security 19)."},{"key":"2026033014311676100_ref119","first-page":"1","article-title":"Casa: context-aware scalable authentication","author":"Hayashi","year":"2013","journal-title":"Proceedings ofthe Ninth Symposium on Usable Privacy and Security."},{"issue":"1","key":"2026033014311676100_ref120","doi-asserted-by":"crossref","DOI":"10.17083\/ijsg.v3i1.107","article-title":"Game based cyber security training: are serious games suitable for cyber security training?","volume":"3","author":"Hendrix","year":"2016","journal-title":"International Journal of Serious Games."},{"key":"2026033014311676100_ref121","doi-asserted-by":"publisher","first-page":"133","DOI":"10.1145\/1719030.1719050","volume-title":"Proc. NSPW \u201809.","author":"Herley","year":"2009"},{"issue":"23","key":"2026033014311676100_ref122","doi-asserted-by":"crossref","first-page":"6415","DOI":"10.1073\/pnas.1517797113","article-title":"Unfalsifiability of security claims","volume":"113","author":"Herley","year":"2016","journal-title":"Proceedings of the National Academy ofSciences."},{"key":"2026033014311676100_ref123","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-03549-4_14","article-title":"Passwords: If We\u2019re So Smart, Why Are We Still Using Them?","author":"Herley","year":"2009","journal-title":"Proceedings of the 13th International Conference on Financial Cryptography and Data Security (FC\u201909)."},{"key":"2026033014311676100_ref124","doi-asserted-by":"crossref","first-page":"230","DOI":"10.1007\/978-3-642-03549-4_14","article-title":"Passwords: If we\u2019re so smart, why are we still using them?","volume-title":"International Conference on Financial Cryptography and Data Security.","author":"Herley","year":"2009"},{"key":"2026033014311676100_ref125","first-page":"20","article-title":"FTC as Internet privacy norm entrepreneur, The","volume-title":"Vand. L. Rev.","author":"Hetcher","year":"2000"},{"key":"2026033014311676100_ref126","article-title":"A survey of serious games for cybersecurity education and training","author":"Hill","year":"2020"},{"key":"2026033014311676100_ref127","doi-asserted-by":"publisher","first-page":"327","DOI":"10.1080\/0888431022000070458","volume-title":"Symposium on Usable Privacy and Security (SOUPS).","author":"Ion","year":"2015"},{"issue":"10","key":"2026033014311676100_ref128","doi-asserted-by":"crossref","first-page":"94","DOI":"10.1145\/1290958.1290968","article-title":"Social phishing","volume":"50","author":"Jagatic","year":"2007","journal-title":"Communications of the ACM."},{"key":"2026033014311676100_ref129","doi-asserted-by":"crossref","first-page":"355","DOI":"10.1145\/3308561.3353777","article-title":"Automatic generation and evaluation of usable and secure audio ReCAPTCHA","volume-title":"The 21st International ACM SIGACCESS Conference on Computers and Accessibility.","author":"Jain","year":"2019"},{"issue":"6","key":"2026033014311676100_ref130","doi-asserted-by":"crossref","first-page":"584","DOI":"10.1080\/0144929X.2011.632650","article-title":"Phishing for phishing awareness","volume":"32","author":"Jansson","year":"2013","journal-title":"Behaviour & information technology."},{"issue":"1","key":"2026033014311676100_ref131","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1080\/24694452.2017.1293500","article-title":"Predictable policing: Predictive crime mapping and geographies of policing and race","volume":"108","author":"Jefferson","year":"2018","journal-title":"Annals of the American Association of Geographers."},{"key":"2026033014311676100_ref132","first-page":"1571","volume-title":"2022 IEEE Symposium on Security and Privacy (SP).","author":"Jin","year":"2022"},{"key":"2026033014311676100_ref133","first-page":"476","article-title":"On mouse dynamics as a behavioral biometric for authentication","author":"Jorgensen","year":"2011","journal-title":"Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security."},{"key":"2026033014311676100_ref134","article-title":"Thinking, fast and slow.","author":"Kahneman","year":"2011"},{"key":"2026033014311676100_ref135","doi-asserted-by":"crossref","first-page":"64","DOI":"10.1016\/j.cose.2014.03.003","article-title":"An exploratory investigation of message-person congruence in information security awareness campaigns","volume":"43","author":"Kajzer","year":"2014","journal-title":"Computers & security."},{"key":"2026033014311676100_ref136","first-page":"39","article-title":"\u201cMy data just goes everywhere\u201d: User mental models of the internet and implications for privacy and security","volume-title":"Symposium on Usable Privacy and Security (SOUPS) 2015.","author":"Kang","year":"2015"},{"key":"2026033014311676100_ref137","first-page":"52","article-title":"KNOW why your access was denied: Regulating feedback for usable security","author":"Kapadia","year":"2004","journal-title":"Proceedings ofthe 11th ACM conference on Computer and Communications Security."},{"issue":"3","key":"2026033014311676100_ref138","doi-asserted-by":"crossref","first-page":"409","DOI":"10.1177\/0011000011414211","article-title":"Increasing positive perceptions of counseling: The importance of repeated exposures","volume":"40","author":"Kaplan","year":"2012","journal-title":"The Counseling Psychologist."},{"key":"2026033014311676100_ref139","first-page":"483","article-title":"SoundProof: Usable Two-Factor Authentication Based on Ambient Sound","author":"Karapanos","year":"2015","journal-title":"24th USENIX security symposium (USENIX security 15)."},{"key":"2026033014311676100_ref140","first-page":"1","article-title":"A \u201cnutrition label\u201d for privacy","author":"Kelley","year":"2009","journal-title":"Proceedings of the 5th Symposium on Usable Privacy and Security."},{"key":"2026033014311676100_ref141","article-title":"Colonial Pipeline hack explained: Everything you need to know","author":"Kerner","year":"2022"},{"key":"2026033014311676100_ref142","first-page":"1","article-title":"Information security awareness campaign: An alternate approach","volume-title":"International Conference on Information Security and Assurance.","author":"Khan","year":"2011"},{"key":"2026033014311676100_ref143","doi-asserted-by":"crossref","first-page":"377","DOI":"10.1145\/2207676.2207728","article-title":"Tag, you can see it! Using tags for access control in photo sharing","author":"Klemperer","year":"2012","journal-title":"Proceedings of the SIGCHI conference on human factors in computing systems."},{"key":"2026033014311676100_ref144","doi-asserted-by":"crossref","first-page":"447","DOI":"10.1109\/SP.2010.34","article-title":"Experimental security analysis of a modern automobile","volume-title":"2010 IEEE symposium on security and privacy.","author":"Koscher","year":"2010"},{"issue":"2","key":"2026033014311676100_ref145","doi-asserted-by":"crossref","first-page":"143","DOI":"10.1016\/j.apergo.2006.03.010","article-title":"Human errors and violations in computer and information security: The viewpoint of network administrators and security specialists","volume":"38","author":"Kraemer","year":"2007","journal-title":"Applied ergonomics."},{"issue":"1","key":"2026033014311676100_ref146","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1080\/0144929X.2019.1584644","article-title":"Digital nudging and privacy: improving decisions about self-disclosure in social networks","volume":"40","author":"Kroll","year":"2021","journal-title":"Behaviour & Information Technology."},{"key":"2026033014311676100_ref147","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3479540","article-title":"Examining Collaborative Support for Privacy and Security in the Broader Context of Tech Caregiving","volume":"5","author":"Kropczynski","year":"2021","journal-title":"Proceedings ofthe ACM on Human-Computer Interaction."},{"key":"2026033014311676100_ref148","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3491102.3502009","article-title":"To Self-Persuade or be Persuaded: Examining Interventions for Users\u2019 Privacy Setting Selection","volume-title":"CHI Conference on Human Factors in Computing Systems.","author":"Krsek","year":"2022"},{"key":"2026033014311676100_ref149","author":"Kumaraguru","year":"2005"},{"key":"2026033014311676100_ref150","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/1572532.1572536","article-title":"School of phish: a real-world evaluation of anti-phishing training","volume-title":"Proceedings of the 5th Symposium on Usable Privacy and Security.","author":"Kumaraguru","year":"2009"},{"key":"2026033014311676100_ref151","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1109\/ECRIME.2008.4696970","article-title":"Lessons from a real world evaluation of anti-phishing training","volume-title":"2008 eCrime Researchers Summit.","author":"Kumaraguru","year":"2008"},{"issue":"4","key":"2026033014311676100_ref152","doi-asserted-by":"crossref","first-page":"54","DOI":"10.1109\/MSP.2013.90","article-title":"Making sense from Snowden: What\u2019s significant in the NSA surveillance revelations","volume":"11","author":"Landau","year":"2013","journal-title":"IEEE Security & Privacy."},{"key":"2026033014311676100_ref153","doi-asserted-by":"crossref","first-page":"392","DOI":"10.1109\/SP.2018.00051","article-title":"Towards security and privacy for multi-user augmented reality: Foundations with end users","volume-title":"2018 IEEE Symposium on Security and Privacy (SP).","author":"Lebeck","year":"2018"},{"key":"2026033014311676100_ref154","doi-asserted-by":"crossref","first-page":"2978","DOI":"10.1109\/HICSS.2013.192","article-title":"Employees\u2019 information security awareness and behavior: A literature review","author":"Lebek","year":"2013","journal-title":"2013 46th Hawaii International Conference on System Sciences."},{"key":"2026033014311676100_ref155","doi-asserted-by":"crossref","first-page":"385","DOI":"10.1109\/EuroSP.2017.41","article-title":"Confidante: Usable encrypted email: A case study with lawyers and journalists","volume-title":"2017 IEEE European Symposium on Security and Privacy (EuroS&P).","author":"Lerner","year":"2017"},{"issue":"3","key":"2026033014311676100_ref156","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3478097","article-title":"Honeysuckle: Annotation-guided code generation of in-app privacy notices","volume":"5","author":"Li","year":"2021","journal-title":"Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies."},{"issue":"3","key":"2026033014311676100_ref157","first-page":"1","article-title":"Privacystreams: Enabling transparency in personal data processing for mobile apps","volume":"1","author":"Li","year":"2017","journal-title":"Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies."},{"key":"2026033014311676100_ref158","doi-asserted-by":"crossref","first-page":"4","DOI":"10.1109\/THFE2.1960.4503259","article-title":"Man-computer symbiosis","author":"Licklider","year":"1960","journal-title":"IRE transactions on human factors in electronics."},{"key":"2026033014311676100_ref159","doi-asserted-by":"crossref","first-page":"67","DOI":"10.1145\/2413296.2413303","article-title":"Someone to watch over me","author":"Lipford","year":"2012","journal-title":"Proceedings ofthe 2012 New Security Paradigms Workshop."},{"key":"2026033014311676100_ref160","first-page":"27","article-title":"Follow my recommendations: A personalized privacy assistant for mobile app permissions","volume-title":"Twelfth symposium on usable privacy and security (SOUPS 2016).","author":"Liu","year":"2016"},{"issue":"5","key":"2026033014311676100_ref161","first-page":"864","article-title":"When privacy meets usability: Unobtrusive privacy permission recommendation system for mobile apps based on crowdsourcing","volume":"11","author":"Liu","year":"2016","journal-title":"IEEE Transactions on Services Computing."},{"key":"2026033014311676100_ref162","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3512907","article-title":"Image DePO: Towards Gradual Decentralization of Online Social Networks using Decentralized Privacy Overlays","volume":"6","author":"Logas","year":"2022","journal-title":"Proceedings ofthe ACM on HumanComputer Interaction."},{"issue":"4","key":"2026033014311676100_ref163","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/2493171.2493173","article-title":"Investigating user behavior for authentication methods: A comparison between individuals with Down syndrome and neurotypical users","volume":"4","author":"Ma","year":"2013","journal-title":"ACM Transactions on Accessible Computing (TACCESS)."},{"issue":"4","key":"2026033014311676100_ref164","doi-asserted-by":"crossref","first-page":"336","DOI":"10.1287\/isre.1040.0032","volume":"15","author":"Malhotra","year":"2004","journal-title":"Information systems research."},{"key":"2026033014311676100_ref165","first-page":"ii","article-title":"Identifying users of portable devices from gait pattern with accelerometers","volume":"2","author":"Mantyjarvi","year":"2005","journal-title":"Proceedings.(ICASSP\u201905). IEEE International Conference on Acoustics, Speech, and Signal Processing, 2005."},{"key":"2026033014311676100_ref166","first-page":"110","volume":"3","author":"Marne","year":"2017","journal-title":"SOUPS."},{"key":"2026033014311676100_ref167","article-title":"Enabling automatic password change in password managers through crowdsourcing","volume-title":"Proc. PASSWORDS. Springer.","author":"Mayer","year":"2016"},{"key":"2026033014311676100_ref168","doi-asserted-by":"crossref","first-page":"2085","DOI":"10.1145\/1978942.1979245","article-title":"Exploring reactive control","volume-title":"Proceedings ofthe SIGCHI Conference on Human Factors in Computing Systems.","author":"Mazurek","year":"2011"},{"key":"2026033014311676100_ref169","first-page":"89","article-title":"Toward strong, usable access control for shared distributed data","volume-title":"12th USENIX Conference on File and Storage Technologies (FAST 14).","author":"Mazurek","year":"2014"},{"key":"2026033014311676100_ref170","first-page":"89","article-title":"Tapas: design, implementation, and usability evaluation of a password manager","volume-title":"Proceedings ofthe 28th Annual Computer Security Applications Conference.","author":"McCarney","year":"2012"},{"key":"2026033014311676100_ref171","article-title":"\u201c It\u2019s stressful having all these phones\u201d: Investigating Sex Workers\u2019 Safety Goals, Risks, and Practices Online","volume-title":"30th USENIX Security Symposium (USENIX Security 21).","author":"McDonald","year":"2021"},{"key":"2026033014311676100_ref172","first-page":"514","volume":"2","author":"McSweeny","year":"2018","journal-title":"Geo. L. Tech. Rev."},{"key":"2026033014311676100_ref173","first-page":"1","article-title":"An Exploratory Study of Social Support Systems to Help Older Adults in Managing Mobile Safety","author":"Mendel","year":"2021","journal-title":"Proceedings of the 23rd International Conference on Mobile Human-Computer Interaction."},{"issue":"1","key":"2026033014311676100_ref174","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3517249","article-title":"Toward Proactive Support for Older Adults: Predicting the Right Moment for Providing Mobile Safety Help","volume":"6","author":"Mendel","year":"2022","journal-title":"Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies."},{"key":"2026033014311676100_ref175","first-page":"371","article-title":"Stop annoying me! an empirical investigation of the usability of app privacy notifications","author":"Micallef","year":"2017","journal-title":"Proceedings of the 29th Australian Conference on Computer-Human Interaction."},{"key":"2026033014311676100_ref176","article-title":"The Anatomy of Account Take-Over","author":"Milka","year":"2018","journal-title":"USENIX ENIGMA."},{"key":"2026033014311676100_ref177","article-title":"\u201c\u201chow do you not lose friends?\u201d: Synthesizing a design space of social controls for securing shared digital resources via participatory design jams,\u201d\u201c","author":"Moju-Igbene","year":"2022","journal-title":"Proceedings of the 31st USENIX Security Symposium (SEC)."},{"key":"2026033014311676100_ref178","first-page":"48","article-title":"Authentication via keystroke dynamics","author":"Monrose","year":"1997","journal-title":"Proceedings ofthe 4th ACM Conference on Computer and Communications Security."},{"key":"2026033014311676100_ref179","unstructured":"Moore, H. and D.Roberts. (2013). \u201cAP Twitter hack causes panic on Wall Street and sends Dow plunging\u201d. url: http:\/\/www.theguardian.com\/business\/2013\/apr\/23\/ap-tweet-hack-wall-street-freefall."},{"key":"2026033014311676100_ref180","doi-asserted-by":"crossref","first-page":"169293","DOI":"10.1109\/ACCESS.2019.2955639","article-title":"Development of serious games for teaching information security courses","volume":"7","author":"Mostafa","year":"2019","journal-title":"IEEE Access."},{"key":"2026033014311676100_ref181","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3449212","article-title":"Individually vulnerable, collectively safe: The security and privacy practices of households with older adults","volume":"5","author":"Murthy","year":"2021","journal-title":"Proceedings of the ACM on HumanComputer Interaction."},{"key":"2026033014311676100_ref182","article-title":"Something Doesn\u2019t Feel Right: Using Thermal Warnings to Improve User Security Awareness","author":"Napoli","year":"2020"},{"issue":"3","key":"2026033014311676100_ref183","doi-asserted-by":"crossref","first-page":"1065","DOI":"10.1016\/j.compedu.2012.04.016","volume":"59","author":"Ng","year":"2012","journal-title":"Computers & education."},{"key":"2026033014311676100_ref184","first-page":"1","article-title":"\u201c If It\u2019s Important It Will Be A Headline\u201d Cybersecurity Information Seeking in Older Adults","author":"Nicholson","year":"2019","journal-title":"Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems."},{"key":"2026033014311676100_ref185","first-page":"1","article-title":"Simple nudges for better password creation","volume-title":"Proceedings of the 32nd International BCS Human Computer Interaction Conference 32.","author":"Nicholson","year":"2018"},{"key":"2026033014311676100_ref186","article-title":"User education is not the answer to security problems","author":"Nielsen","year":"2004","journal-title":"Alertbox"},{"issue":"1","key":"2026033014311676100_ref187","doi-asserted-by":"crossref","first-page":"100","DOI":"10.1111\/j.1745-6606.2006.00070.x","article-title":"The privacy paradox: Personal information disclosure intentions versus behaviors","volume":"41","author":"Norberg","year":"2007","journal-title":"Journal of consumer affairs."},{"key":"2026033014311676100_ref188","author":"Norman","year":"2013"},{"issue":"1","key":"2026033014311676100_ref189","doi-asserted-by":"crossref","first-page":"4","DOI":"10.1509\/jppm.33.1.4","article-title":"Privacy challenges and opportunities: The role of the Federal Trade Commission","volume":"33","author":"Ohlhausen","year":"2014","journal-title":"Journal of Public Policy & Marketing."},{"key":"2026033014311676100_ref190","volume-title":"Proceedings of the Symposium on Usable Privacy and Security (SOUPS\u201915)","author":"Ohyama","year":"2015"},{"key":"2026033014311676100_ref191","unstructured":"Olmstead, K. and A.Smith. (2017). \u201cAmericans and Cybersecurity\u201d. Tech. rep. Pew Research Center. url: http:\/\/www.pewinternet.org\/2017\/01\/26\/americans-and-cybersecurity\/."},{"key":"2026033014311676100_ref192","first-page":"57","article-title":"User Perceptions of the Usability and Security of Smartphones as FIDO2 Roaming Authenticators","author":"Owens","year":"2021","journal-title":"Seventeenth Symposium on Usable Privacy and Security (SOUPS 2021)."},{"key":"2026033014311676100_ref193","first-page":"83","article-title":"Share and share alike? An exploration of secure behaviors in romantic relationships","author":"Park","year":"2018","journal-title":"Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018)."},{"key":"2026033014311676100_ref194","doi-asserted-by":"crossref","first-page":"40","DOI":"10.1016\/j.cose.2017.01.004","volume":"66","author":"Parsons","year":"2017","journal-title":"Computers & Security."},{"key":"2026033014311676100_ref195","first-page":"319","article-title":"Why people (don\u2019t) use password managers effectively","volume-title":"Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019).","author":"Pearman","year":"2019"},{"key":"2026033014311676100_ref196","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3290605.3300748","article-title":"Put your warning where your link is: Improving and evaluating email phishing warnings","volume-title":"Proceedings of the 2019 CHI conference on human factors in computing systems.","author":"Petelka","year":"2019"},{"key":"2026033014311676100_ref197","first-page":"1","article-title":"Stories as informal lessons about security","author":"Rader","year":"2012","journal-title":"Proceedings ofthe Eighth Symposium on Usable Privacy and Security."},{"key":"2026033014311676100_ref198","doi-asserted-by":"crossref","DOI":"10.1609\/icwsm.v12i1.14997","article-title":"Net benefits: Digital inequities in social capital, privacy preservation, and digital parenting practices of US social media users","volume":"12","author":"Redmiles","year":"2018","journal-title":"Proceedings of the International AAAI Conference on Web and Social Media."},{"key":"2026033014311676100_ref199","doi-asserted-by":"crossref","first-page":"666","DOI":"10.1145\/2976749.2978307","article-title":"How i learned to be secure: a census-representative survey of security advice sources and behavior","volume-title":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security.","author":"Redmiles","year":"2016"},{"key":"2026033014311676100_ref200","doi-asserted-by":"crossref","first-page":"931","DOI":"10.1145\/3025453.3025673","article-title":"\u201cWhere is the digital divide?","volume-title":"Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems.","author":"Redmiles","year":"2017"},{"key":"2026033014311676100_ref201","doi-asserted-by":"crossref","first-page":"272","DOI":"10.1109\/SP.2016.24","article-title":"I think they\u2019re trying to tell me something: Advice sources and selection for digital security","author":"Redmiles","year":"2016","journal-title":"2016 IEEE Symposium on Security and Privacy (SP)."},{"key":"2026033014311676100_ref202","doi-asserted-by":"crossref","first-page":"215","DOI":"10.1145\/3219166.3219185","article-title":"\u201cDancing pigs or externalities?","author":"Redmiles","year":"2018","journal-title":"Proceedings of the 2018 ACM Conference on Economics and Computation."},{"key":"2026033014311676100_ref203","doi-asserted-by":"crossref","first-page":"2065","DOI":"10.1145\/1978942.1979243","article-title":"More than skin deep: measuring effects of the underlying model on access-control system usability","volume-title":"Proceedings of the SIGCHI Conference on Human Factors in Computing Systems.","author":"Reeder","year":"2011"},{"key":"2026033014311676100_ref204","doi-asserted-by":"crossref","first-page":"1473","DOI":"10.1145\/1357054.1357285","article-title":"Expandable grids for visualizing and authoring computer security policies","volume-title":"Proceedings ofthe SIGCHI Conference on Human Factors in Computing Systems.","author":"Reeder","year":"2008"},{"issue":"7-8","key":"2026033014311676100_ref205","first-page":"241","article-title":"Financial Exploitation of the Elderly in a Consumer Context","volume":"27","author":"Reisig","year":"2015","journal-title":"Computers & security."},{"key":"2026033014311676100_ref206","article-title":"The importance of perceived trust, security and privacy in online trading systems","volume-title":"Information Management & Computer Security.","author":"Roca","year":"2009"},{"key":"2026033014311676100_ref207","first-page":"58","volume-title":"CSEDU (2):","author":"Roepke","year":"2019"},{"key":"2026033014311676100_ref208","unstructured":"Rogers, E. M.\n (1962). Diffusion of innovations. Free Press of Glencoe. url: http:\/\/books.google.com\/books?id=zw0-AAAAIAAJ."},{"key":"2026033014311676100_ref209","doi-asserted-by":"crossref","first-page":"989","DOI":"10.1016\/S0306-4603(02)00300-3","article-title":"Diffusion of preventive innovations","volume":"27","author":"Rogers","year":"2002","journal-title":"Addictive Behaviors."},{"key":"2026033014311676100_ref210","doi-asserted-by":"crossref","first-page":"461","DOI":"10.1145\/2984511.2984580","article-title":"Private Webmail 2.0: Simple and easy-to-use secure email","author":"Ruoti","year":"2016","journal-title":"Proceedings ofthe 29th Annual Symposium on User Interface Software and Technology."},{"key":"2026033014311676100_ref211","article-title":"Why Johnny still, still can\u2019t encrypt: Evaluating the usability of a modern PGP client","author":"Ruoti","year":"2015","journal-title":"arXiv preprint arXiv:1510.08555."},{"issue":"6","key":"2026033014311676100_ref212","doi-asserted-by":"crossref","first-page":"72","DOI":"10.1109\/MSEC.2019.2933683","article-title":"Johnny\u2019s journey toward usable secure email","volume":"17","author":"Ruoti","year":"2019","journal-title":"IEEE Security & Privacy."},{"issue":"6","key":"2026033014311676100_ref213","doi-asserted-by":"crossref","first-page":"401","DOI":"10.1007\/s00779-008-0214-3","article-title":"Understanding and capturing people\u2019s privacy policies in a mobile social networking application","volume":"13","author":"Sadeh","year":"2009","journal-title":"Personal and ubiquitous computing."},{"key":"2026033014311676100_ref214","unstructured":"Sasse, M.\n (2003). \u201cComputer security: Anatomy of a Usability Disaster, and a Plan for Recovery\u201d. In: Proc. CHI Workshop on HCI and Security Systems. Citeseer. url: http:\/\/citeseerx.ist.psu.edu\/viewdoc\/download?doi=10.1.1.102.9019&rep=rep1&type=pdf."},{"key":"2026033014311676100_ref215","first-page":"1","article-title":"A design space for effective privacy notices","author":"Schaub","year":"2015","journal-title":"Eleventh symposium on usable privacy and security (SOUPS 2015)."},{"key":"2026033014311676100_ref216","doi-asserted-by":"crossref","first-page":"1983","DOI":"10.1145\/1518701.1519003","article-title":"It\u2019s not what you know, but who you know: a social approach to last-resort authentication","author":"Schechter","year":"2009","journal-title":"Proceedings of the sigchi conference on human factors in computing systems."},{"key":"2026033014311676100_ref217","author":"Schneier","year":"2015"},{"key":"2026033014311676100_ref218","first-page":"129","article-title":"Lessons learned from an organizational information security awareness campaign","volume-title":"IFIP World Conference on Information Security Education.","author":"Scrimgeour","year":"2019"},{"key":"2026033014311676100_ref219","article-title":"Fawkes: Protecting Privacy against Unauthorized Deep Learning Models","volume-title":"In Proc. of the 29th USENIX Security Symposium.","author":"Shan","year":"2020"},{"key":"2026033014311676100_ref220","doi-asserted-by":"crossref","first-page":"2903","DOI":"10.1145\/2702123.2702586","article-title":"A spoonful of sugar? The impact of guidance and feedback on password-creation behavior","volume-title":"Proceedings of the 33rd annual ACM conference on human factors in computing systems.","author":"Shay","year":"2015"},{"key":"2026033014311676100_ref221","first-page":"3","article-title":"Why johnny still can\u2019t encrypt: evaluating the usability of email encryption software","author":"Sheng","year":"2006","journal-title":"Symposium On Usable Privacy and Security."},{"key":"2026033014311676100_ref222","doi-asserted-by":"crossref","first-page":"88","DOI":"10.1145\/1280680.1280692","article-title":"Anti-phishing phil: the design and evaluation of a game that teaches people not to fall for phish","author":"Sheng","year":"2007","journal-title":"Proceedings of the 3rd symposium on Usable privacy and security."},{"issue":"6","key":"2026033014311676100_ref223","doi-asserted-by":"crossref","first-page":"42","DOI":"10.1145\/267505.267514","article-title":"\u201cDirect manipulation vs.","volume":"4","author":"Shneiderman","year":"1997","journal-title":"interactions."},{"key":"2026033014311676100_ref224","doi-asserted-by":"crossref","DOI":"10.1108\/09685220010371394","article-title":"A conceptual foundation for organizational information security awareness","volume-title":"Information management & computer security.","author":"Siponen","year":"2000"},{"key":"2026033014311676100_ref225","doi-asserted-by":"crossref","first-page":"167","DOI":"10.2307\/249477","article-title":"Information privacy: Measuring individuals\u2019 concerns about organizational practices","author":"Smith","year":"1996","journal-title":"MIS quarterly:"},{"key":"2026033014311676100_ref226","first-page":"745","article-title":"The hidden costs of cybercrime. McAfee. Solove, D. J. (2007). \u201cI\u2019ve got nothing to hide and other misunderstandings of privacy\u201d","volume":"44","author":"Smith","year":"2020","journal-title":"San Diego L. Rev."},{"key":"2026033014311676100_ref227","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3359185","article-title":"Normal and easy: Account sharing practices in the workplace","volume":"3","author":"Song","year":"2019","journal-title":"Proceedings ofthe ACM on Human-Computer Interaction."},{"key":"2026033014311676100_ref228","first-page":"289","volume-title":"Digital Privacy.","author":"Spiekermann","year":"2007"},{"key":"2026033014311676100_ref229","unstructured":"Stanton, J., P.Mastrangelo, K.Stam, and J.Jolton. (2004). \u201cBehavioral Information Security: Two End User Survey Studies of Motivation and Security Practices.\u201d AMCIS. (August): 2\u20138. url: http:\/\/citeseerx.ist.psu.edu\/viewdoc\/download?doi=10.1.1.92.2938&rep=rep1&type=pdf."},{"key":"2026033014311676100_ref230","doi-asserted-by":"crossref","first-page":"39","DOI":"10.1145\/2683467.2683471","article-title":"A password manager that doesn\u2019t remember passwords","volume-title":"Proceedings of the 2014 New Security Paradigms Workshop.","author":"Stobert","year":"2014"},{"key":"2026033014311676100_ref231","first-page":"446","article-title":"ByPass: Reconsidering the usability of password managers","volume-title":"International Conference on Security and Privacy in Communication Systems.","author":"Stobert","year":"2020"},{"key":"2026033014311676100_ref232","first-page":"379","article-title":"From intent to action: Nudging users towards secure mobile payments","volume-title":"Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020).","author":"Story","year":"2020"},{"key":"2026033014311676100_ref233","article-title":"Influencing factors and effectiveness of a security awareness campaign","volume-title":"MA thesis.","author":"Strand","year":"2018"},{"key":"2026033014311676100_ref234","doi-asserted-by":"crossref","first-page":"72","DOI":"10.1145\/2984393.2984403","article-title":"A review of continuous authentication using behavioral biometrics","volume-title":"Proceedings of the SouthEast European Design Automation, Computer Engineering, Computer Networks and Social Media Conference.","author":"Stylios","year":"2016"},{"key":"2026033014311676100_ref235","doi-asserted-by":"crossref","first-page":"271","DOI":"10.1109\/CW.2014.44","article-title":"A concept of social behavioral biometrics: motivation, current developments, and future trends","volume-title":"2014 International Conference on Cyberworlds.","author":"Sultana","year":"2014"},{"key":"2026033014311676100_ref236","first-page":"399","volume-title":"USENIX security symposium.","author":"Sunshine","year":"2009"},{"key":"2026033014311676100_ref237","article-title":"Nudge: Improving decisions about health, wealth, and happiness","author":"Thaler","year":"2009"},{"key":"2026033014311676100_ref238","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/2501604.2501618","article-title":"Usability and security evaluation of GeoPass: a geographic location-password scheme","volume-title":"Proceedings of the Ninth symposium on usable privacy and security.","author":"Thorpe","year":"2013"},{"key":"2026033014311676100_ref239","first-page":"239","article-title":"Security, availability, and multiple information sources: Exploring update behavior of system administrators","volume-title":"Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020).","author":"Tiefenau","year":"2020"},{"key":"2026033014311676100_ref240","doi-asserted-by":"crossref","first-page":"1971","DOI":"10.1145\/3319535.3363220","article-title":"A usability evaluation of Let\u2019s Encrypt and Cert-bot: usable security done right","volume-title":"Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security.","author":"Tiefenau","year":"2019"},{"key":"2026033014311676100_ref241","doi-asserted-by":"crossref","first-page":"3775","DOI":"10.1145\/3025453.3026050","article-title":"Design and evaluation of a data-driven password meter","volume-title":"Proceedings of the 2017 chi conference on human factors in computing systems.","author":"Ur","year":"2017"},{"issue":"2","key":"2026033014311676100_ref242","doi-asserted-by":"crossref","first-page":"355","DOI":"10.25300\/MISQ\/2018\/14124","article-title":"Tuning out security warnings: A longitudinal examination of habituation through fMRI, eye tracking, and field experiments","volume":"42","author":"Vance","year":"2018","journal-title":"MIS Quarterly."},{"key":"2026033014311676100_ref243","doi-asserted-by":"crossref","first-page":"2215","DOI":"10.1145\/3025453.3025896","article-title":"\u201cWhat do we really know about how habituation to warnings occurs over time?","author":"Vance","year":"2017","journal-title":"Proceedings ofthe 2017 CHI Conference on Human Factors in Computing Systems."},{"key":"2026033014311676100_ref244","doi-asserted-by":"crossref","first-page":"128","DOI":"10.1109\/PST.2012.6297929","article-title":"Out of sight, out of mind: Effects of displaying access- control information near the item it controls","author":"Vaniea","year":"2012","journal-title":"2012 Tenth Annual International Conference on Privacy, Security and Trust."},{"key":"2026033014311676100_ref245","doi-asserted-by":"crossref","first-page":"3215","DOI":"10.1145\/2858036.2858303","article-title":"Tales of software updates: The process of updating software","author":"Vaniea","year":"2016","journal-title":"Proceedings ofthe 2016 chi conference on human factors in computing systems."},{"key":"2026033014311676100_ref246","doi-asserted-by":"crossref","first-page":"2671","DOI":"10.1145\/2556288.2557275","article-title":"Betrayed by updates: how negative experiences affect future security","author":"Vaniea","year":"2014","journal-title":"Proceedings of the SIGCHI Conference on Human Factors in Computing Systems."},{"issue":"8","key":"2026033014311676100_ref247","doi-asserted-by":"crossref","first-page":"927","DOI":"10.1002\/asi.24317","article-title":"\u201cMind the five\u201d: Guidelines for data privacy and security in humanitarian work with undocumented migrants and other vulnerable populations","volume":"71","author":"Vannini","year":"2020","journal-title":"Journal ofthe Association for Information Science and Technology."},{"issue":"2","key":"2026033014311676100_ref248","doi-asserted-by":"crossref","first-page":"273","DOI":"10.1111\/j.1540-5915.2008.00192.x","article-title":"Technology acceptance model 3 and a research agenda on interventions","volume":"39","author":"Venkatesh","year":"2008","journal-title":"Decision sciences."},{"issue":"2","key":"2026033014311676100_ref249","doi-asserted-by":"crossref","first-page":"186","DOI":"10.1287\/mnsc.46.2.186.11926","article-title":"A theoretical extension of the technology acceptance model: Four longitudinal field studies","volume":"46","author":"Venkatesh","year":"2000","journal-title":"Management science."},{"key":"2026033014311676100_ref250","doi-asserted-by":"crossref","first-page":"425","DOI":"10.2307\/30036540","article-title":"User acceptance of information technology: Toward a unified view","author":"Venkatesh","year":"2003","journal-title":"MIS quarterly:"},{"key":"2026033014311676100_ref251","article-title":"Data Breach Investigations Report\u201d.","volume-title":"Tech. rep. Verizon","author":"Verizon","year":"2020"},{"key":"2026033014311676100_ref252","first-page":"833","article-title":"To stay or leave? The relationship of emotional and informational support to commitment in online health support groups","author":"Wang","year":"2012","journal-title":"Proceedings of the ACM 2012 conference on computer supported cooperative work."},{"key":"2026033014311676100_ref253","first-page":"268","article-title":"Usable control in collaborative environments: Authorization based on people-tagging","volume-title":"European Symposium on Research in Computer Security.","author":"Wang","year":"2009"},{"key":"2026033014311676100_ref254","first-page":"1","article-title":"\u2018It\u2019s Problematic but I\u2019m not Concerned\u2019: University Perspectives on Account Sharing","volume":"6","author":"Wang","year":"2022","journal-title":"Proceedings ofthe ACM on Human-Computer Interaction."},{"issue":"4","key":"2026033014311676100_ref255","doi-asserted-by":"crossref","first-page":"82","DOI":"10.1109\/MSP.2018.3111237","article-title":"Inclusive security and privacy","volume":"16","author":"Wang","year":"2018","journal-title":"IEEE Security & Privacy."},{"key":"2026033014311676100_ref256","doi-asserted-by":"crossref","first-page":"2367","DOI":"10.1145\/2556288.2557413","article-title":"A field trial of privacy nudges for facebook","author":"Wang","year":"2014","journal-title":"Proceedings ofthe SIGCHI conference on human factors in computing systems."},{"key":"2026033014311676100_ref257","doi-asserted-by":"publisher","DOI":"10.1145\/1837110.1837125","volume-title":"Proc. SOUPS \u201810.","author":"Wash","year":"2010"},{"key":"2026033014311676100_ref258","first-page":"89","article-title":"Out of the loop: How automated software updates cause unintended security consequences","volume-title":"10th Symposium On Usable Privacy and Security (SOUPS) 2014).","author":"Wash","year":"2014"},{"key":"2026033014311676100_ref259","article-title":"Screen Reader User Survey #7 Results","author":"WebAIM","year":"2017"},{"key":"2026033014311676100_ref260","unstructured":"Whitten, A. and J.Tygar. (1999). \u201cWhy Johnny can\u2019t encrypt: A usability evaluation of PGP 5.0\u201d. In: Proc. SSYM\u201999.14\u201328. url: http :\/\/www.usenix.org\/events\/sec99\/full_papers\/whitten\/whitten.ps."},{"issue":"1","key":"2026033014311676100_ref261","doi-asserted-by":"crossref","first-page":"45","DOI":"10.1007\/s11948-007-9003-z","article-title":"The ethics of biometrics: the risk of social exclusion from the widespread use of electronic identification","volume":"13","author":"Wickins","year":"2007","journal-title":"Science and Engineering Ethics."},{"key":"2026033014311676100_ref262","unstructured":"Wikipedia\n . (2021). \u201c2017 Equifax data breach\u201d. url: https:\/\/en.wikipedia.org\/wiki\/2017_Equifax_data_breach."},{"key":"2026033014311676100_ref263","doi-asserted-by":"crossref","first-page":"2232","DOI":"10.1145\/3027063.3053127","article-title":"Everything\u2019s Cool: Extending Security Warnings with Thermal Feedback","volume-title":"Proceedings of the 2017 CHI conference extended abstracts on human factors in computing systems.","author":"Wilson","year":"2017"},{"key":"2026033014311676100_ref264","doi-asserted-by":"crossref","first-page":"93","DOI":"10.1145\/1622176.1622194","article-title":"Tapsongs: tapping rhythm-based passwords on a single binary sensor","author":"Wobbrock","year":"2009","journal-title":"Proceedings ofthe 22nd annual ACM symposium on User interface software and technology."},{"key":"2026033014311676100_ref265","doi-asserted-by":"crossref","first-page":"335","DOI":"10.1201\/9781482289688-39","volume-title":"Handbook of warnings.","author":"Wogalter","year":"2006"},{"key":"2026033014311676100_ref266","first-page":"51","article-title":"Communication-human information processing (C-HIP) model","volume-title":"Handbook of warnings:","author":"Wogalter","year":"2006"},{"key":"2026033014311676100_ref267","doi-asserted-by":"crossref","first-page":"113","DOI":"10.1145\/2991079.2991107","article-title":"Life-experience passwords (leps)","volume-title":"Proceedings ofthe 32nd Annual Conference on Computer Security Applications.","author":"Woo","year":"2016"},{"key":"2026033014311676100_ref268","first-page":"1","article-title":"\u201cA Reasonable Thing to Ask For\u201d: Towards a Unified Voice in Privacy Collective Action","volume-title":"CHI Conference on Human Factors in Computing Systems.","author":"Wu","year":"2022"},{"key":"2026033014311676100_ref269","doi-asserted-by":"crossref","unstructured":"Wu, Y., W. K.Edwards, and S.Das. (2022b). \u201cSoK: Social Cybersecurity\u201d. In: IEEE Symposium on Security and Privacy (Oak-land)(2022).https:\/\/sauvikdas.com\/uploads\/paper\/pdf\/36\/file.pdf.","DOI":"10.1109\/SP46214.2022.9833757"},{"key":"2026033014311676100_ref270","first-page":"1095","article-title":"Social influences on secure development tool adoption: why security tools spread","volume-title":"Proceedings ofthe 17th ACM conference on Computer supported cooperative work & social computing.","author":"Xiao","year":"2014"},{"key":"2026033014311676100_ref271","first-page":"1957","article-title":"Measuring mobile users\u2019 concerns for information privacy","volume-title":"Proceedings ofthe 2017 ACM Conference on Computer Supported Cooperative Work and Social Computing.","author":"Xu","year":"2012"},{"key":"2026033014311676100_ref272","first-page":"741","article-title":"Encouraging users to improve password security and memorability","volume-title":"International Journal of Information Security.","author":"Yildirim","year":"2019"},{"key":"2026033014311676100_ref273","first-page":"281","article-title":"WebAlly: Making Visual Task-based CAPTCHAs Transferable for People with Visual Impairments","volume-title":"Seventeenth Symposium on Usable Privacy and Security (SOUPS 2021).","author":"Zhang","year":"2021"},{"key":"2026033014311676100_ref274","first-page":"120","article-title":"Privacy-aware location privacy preference recommendations","volume-title":"Proceedings ofthe 11th international conference on mobile and ubiquitous systems: Computing, networking and services.","author":"Zhao","year":"2014"},{"issue":"1","key":"2026033014311676100_ref275","first-page":"75","article-title":"Big other: surveillance capitalism and the prospects of an information civilization","volume":"30","author":"Zuboff","year":"2015","journal-title":"Journal ofinformation technology."},{"key":"2026033014311676100_ref276","doi-asserted-by":"crossref","first-page":"27","DOI":"10.1145\/304851.304859","article-title":"User-centered security","volume-title":"Proceedings ofthe 1996 workshop on New security paradigms.","author":"Zurko","year":"1996"}],"container-title":["Foundations and Trends\u00ae in Privacy and Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/ftsec\/article-pdf\/5\/1-2\/1\/11046479\/3300000026en.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/www.emerald.com\/ftsec\/article-pdf\/5\/1-2\/1\/11046479\/3300000026en.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T18:53:12Z","timestamp":1777488792000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.emerald.com\/ftsec\/article\/5\/1-2\/1\/1328583\/The-Security-amp-Privacy-Acceptance-Framework-SPAF"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,12,31]]},"references-count":276,"journal-issue":{"issue":"1-2","published-print":{"date-parts":[[2022,12,31]]}},"URL":"https:\/\/doi.org\/10.1561\/3300000026","relation":{},"ISSN":["2474-1558","2474-1566"],"issn-type":[{"value":"2474-1558","type":"print"},{"value":"2474-1566","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,12,31]]}}}