Whenever a computing system requires interaction with users in security and privacy domains, e.g., when users have to manage passwords or adjust their privacy settings, decisions have to be made on both sides – on the side of the users and on the side of the security experts. In the Human Factors in Security and Privacy Group, we take a closer look at how people interact with security and privacy mechanisms. We investigate security and privacy attitudes and behavior of end users and of security experts.
Research questions cover, but are not limited to, the following areas:
Mental models of security and privacy
Risk perception and decision making in security and privacy context
Security and privacy in the Internet of Things
We are especially committed to the notion of evidence-based security: Just like in the evidence-based medicine, the value is placed on robust experimental methods, careful data analysis and integration of users’ needs and priorities into security management processes.