Conducting Usable Security Studies: It's Complicated presented at SecuritySymposium 2015

by Lorrie Faith Cranor,

Summary : User studies are critical to understanding how users perceive and interact with security and privacy software and features. However, conducting usable privacy and security studies is complicated. In some studies, researchers recruit participants to perform tasks not directly related to security so that they can observe how participants respond to security-related prompts or cues that occur while users are focused on primary tasks. Researchers also try to put users in situations where they believe their security or privacy is at risk, while at the same time making sure that participants will not actually suffer harm. When conducting usable security studies there are a lot of methodological details to get right, and studies don't always go quite as planned. In this talk I will offer a behind-the-scenes look at usable privacy and security study design and present lessons learned from over a decade of user studies at the CyLab Usable Privacy and Security Lab at Carnegie Mellon University.