Digital security advice is the focus of much research, with unsatisfying results: end users do not follow experts' security advice, and users and experts struggle to prioritize the existing set of advice. Several studies pointed out that users are overwhelmed by the amount of available security advice, and made recommendations on how to improve existing advice. Nevertheless, we still do not know how to effectively give security advice. Therefore, we developed a set of 30 pieces of short and actionable advice, and an Android smartphone app to provide this advice to end users, to reduce mental effort, and to build secure habits. We conducted an end-user study (N=74) over 30 days to evaluate whether the set of advice is actionable and meaningful to users, and whether users adopt the advice. The study also aimed to investigate whether the app has an impact on security awareness and behavior.

The results show that the app is an appropriate means to provide security advice to end users. Participants perceive the majority of tasks as comprehensible, actionable, and useful, and the app in fact introduces secure behaviors. Our results serve as a basis for future research on security advice and creating secure habits, and the possibility to effectively teach end users secure behavior.
IEEE Symposium on Security and Privacy (S&P)
2025-05-12
2024-10-17