NSF Award
1817249
Despite advances in computer security, there are still situations in which users must manually perform computer security tasks (e.g., rebooting to apply updates). Although many people recognize that these tasks are important, they still procrastinate. Procrastination is often caused by the failure to properly weigh the long-term security benefits against short-term costs and the annoyance of interrupting the primary task. Researchers in decision-making and behavioral economics have studied this phenomenon of biased weighting for decades and yielded viable techniques for overcoming it in various domains, including health, savings, and charitable giving. Through this multidisciplinary research agenda, the investigators are empirically examining how these techniques can best be applied to computer security. The initial focus of this research is an investigation of how time commitments can encourage compliance with security tasks such as upgrades.<br/><br/>Various techniques to increase security compliance rates have been examined but none address a root cause of the problem: present bias. Present bias is the tendency to discount future risks and gains in favor of immediate gratifications. Based on insights from the field of behavioral economics, this project involves empirical studies to examine when and under what conditions commitment nudges, amongst other persuasion techniques aimed at countering present bias, can be used to improve security behaviors. Through the research team's joint expertise in computer security, human-computer interaction, decision-making, psychology, and behavioral economics, it is performing experiments to yield actionable insights on the design of future computer security user interfaces.<br/><br/>This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
