Our research into the human factors of cybersecurity focuses on people as social actors whose security behaviors are influenced by their relationships, communities and life situations.

We leverage insights from social psychology and other fields to develop novel interventions and strategies for nudging adoption of expert-recommended tools and practices, such as using multi-factor authentication, creating unique passwords and regularly updating software.

Find us on the 3rd floor of Newell-Simon Hall at the Human-Computer Interaction Institute, School of Computer Science, Carnegie Mellon University. We are sponsored by the U.S. National Science Foundation under grant no. CNS-1704087.

Research Thrusts + Current Projects

Mini-Games

  • "C.A.L.Y.P.S.O.: Cybersecurity And Learning Your Privacy & Security Options" game [Play the Game]
  • "Apps vs. Hackers" web-hosted game [Poster] [Game]
  • "Hacked Time" desktop- and web-based game [Play the Game]

Everyday Interventions

  • Safesea plugin for Google Chrome browser [Poster]
  • Adulting 101 / "30-Day Adulting Challenge" embedded intervention
  • Social authentication methods for shared accounts and devices [Poster]

Adoption Strategies

Research Papers

  • Isadora Krsek, Kimi V. Wenzel, Sauvik Das, Jason I. Hong, and Laura A. Dabbish. 2022. To Self-Persuade or be Persuaded: Examining Interventions for Users' Privacy Setting Selection. In CHI Conference on Human Factors in Computing Systems (CHI '22), April 29-May 5, 2022, New Orleans, LA, USA. ACM, New York, NY, USA. 17 pages. Preprint available at: https://socialcybersecurity.org/files/CHI2022_FacebookPrivacy.pdf
  • Serena Wang, Cori Faklaris, Junchao Lin, Jason I. Hong, and Laura Dabbish. 2022. "It's Problematic but I'm not Concerned": University Perspectives on Account Sharing. In Proc. ACM Hum.-Comput. Interact. 6, CSCW1, Article 68 (April 2022), 27 pages. ACM, New York, NY, USA. Available at: https://corifaklaris.com/files/campus_sharing.pdf
  • Cori Faklaris, Laura Dabbish, and Jason I. Hong. 2022. Do They Accept or Resist Cybersecurity Measures? Development and Validation of the 13-Item Security Attitude Inventory (SA-13). arxiv preprint and white paper, 55 pages. Carnegie Mellon University. Available at: https://socialcybersecurity.org/files/SA13paper.pdf
  • Cori Faklaris, Laura Dabbish, and Jason I. Hong. 2022. Experimental Evidence for Using a TTM Stages of Change Model in Boosting Progress Toward 2FA Adoption. arxiv preprint and white paper, 41 pages. Carnegie Mellon University. Available at: https://arxiv.org/abs/2205.06937
  • Junchao Lin, Jason I. Hong, and Laura Dabbish. 2021. "It's our mutual responsibility to share": The Evolution of Account Sharing in Romantic Couples. In Proc. ACM Hum.-Comput. Interact. 5, CSCW1, Article 160 (April 2021), 27 pages. ACM, New York, NY, USA. Available at: https://socialcybersecurity.org/files/CSCW2021_lin.pdf
  • Tianying Chen, Margot Stewart, Zhiyu Bai, Eileen Chen, Laura Dabbish, and Jessica Hammer. 2020. Hacked Time: Design and Evaluation of a Self-Efficacy Based Cybersecurity Game. In Proceedings of the 2020 Designing Interactive Systems Conference (DIS 2020). ACM, New York, NY, USA. Available at: https://socialcybersecurity.org/files/DIS2020_HackedTime.pdf
  • Yunpeng Song, Cori Faklaris, Zhongmin Cai, Jason I. Hong, and Laura Dabbish. 2019. Normal and Easy: Account Sharing Practices in the Workplace. In Proceedings of the ACM: Human-Computer Interaction, Vol. 3, Issue CSCW, November 2019. ACM, New York, NY, USA. Available at: https://socialcybersecurity.org/files/CSCW2019_NormalAndEasy.pdf
  • Cori Faklaris, Laura Dabbish and Jason I. Hong. 2019. A Self-Report Measure of End-User Security Attitudes (SA-6). In Proceedings of the Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019). USENIX Association, Berkeley, CA, USA. Available at: https://www.usenix.org/system/files/soups2019-faklaris.pdf
  • Sauvik Das, Laura Dabbish and Jason I. Hong. 2019. A Typology of Perceived Triggers for End-User Security and Privacy Behaviors. In Proceedings of the Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019). USENIX Association, Berkeley, CA, USA. Available at: https://sauvikdas.com/uploads/paper/pdf/21/file.pdf
  • Cheul Young Park, Cori Faklaris, Siyan Zhao, Alex Sciuto, Laura Dabbish and Jason I. Hong. 2018. Share and Share Alike? An Exploration of Secure Behaviors in Romantic Relationships. In Proceedings of the Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018). USENIX Association, Berkeley, CA, USA. Available at: https://www.usenix.org/system/files/conference/soups2018/soups2018-park.pdf
  • Cori Faklaris. 2018. Social Cybersecurity and the Help Desk: New Ideas for IT Professionals to Foster Secure Workgroup Behaviors. Workshop paper in the Proceedings of the 4th Workshop on Security Information Workers (WSIW 2018), Aug. 12, 2018,in Baltimore, MD, USA. USENIX Association, Berkeley, CA, USA. DOI: https://doi. org/10.13140/RG.2.2.35580.23686
  • Sauvik Das, Joanne Lo, Laura Dabbish, and Jason I. Hong. 2018. Breaking! A Typology of Security and Privacy News and How It's Shared. In Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems (CHI '18). ACM, New York, NY, USA, Paper 1, 12 pages. DOI: https://doi.org/ 10.1145/3173574.3173575
  • Sauvik Das, Adam D.I. Kramer, Laura A. Dabbish, and Jason I. Hong. 2015. The Role of Social Influence in Security Feature Adoption. In Proceedings of the 18th ACM Conference on Computer Supported Cooperative Work & Social Computing (CSCW '15). ACM, New York, NY, USA, 1416-1426. DOI: https://doi.org/10.1145/ 2675133.2675225
  • Sauvik Das, Adam D.I. Kramer, Laura A. Dabbish, and Jason I. Hong. 2014. Increasing Security Sensitivity With Social Proof: A Large-Scale Experimental Confirmation. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (CCS '14). ACM, New York, NY, USA, 739-749. DOI: https://doi.org/10.1145/ 2660267.2660271
  • Sauvik Das, Tiffany Hyun-Jin Kim, Laura A. Dabbish, and Jason I. Hong. 2014. The Effect of Social Influence on Security Sensitivity. In Proceedings of the Tenth Symposium on Usable Privacy and Security (SOUPS 2014). USENIX Association, Berkeley, CA, USA. Available at: https://www.usenix.org/system/files/conference/soups2014/ soups14-paper- das.pdf

Research Posters

  • Junchao Lin, Irene Yu, Jason Hong, and Laura Dabbish. 2020. "Did You Just Purchase a Butt Head on Amazon?": A Diary Study of Couples' Everyday Account Sharing. In Companion Publication of the 2020 Computer Supported Cooperative Work and Social Computing Conference (CSCW '20 Companion). ACM, New York, NY, USA, 311-315. Available at: https://socialcybersecurity.org/files/CSCW2020_diary.pdf
  • Tianying Chen, Jessica Hammer, and Laura Dabbish. 2019. Self-Efficacy-Based Game Design to Encourage Security Behavior Online. Poster and extended abstract for the 2019 CHI Conference on Human Factors in Computing Systems (CHI EA '19). ACM, New York, NY, USA, Paper LBW1610, 6 pages. DOI: https://doi.org/10.1145/3290607.3312935
  • Gustavo Umbelino, Rosie Sun, Cori Faklaris, Jason I. Hong, and Laura Dabbish. 2019. Safesea: A Chrome Plugin to Crowdsource Privacy Settings. Poster presentation for CMU Privacy Day at Carnegie Mellon University, Feb. 1, 2019. Available at: http://cups.cs.cmu. edu/privacy-day/2019/
  • Cori Faklaris, Laura Dabbish and Jason Hong. 2018. Adapting the Transtheoretical Model for the Design of Security Interventions. Poster and abstract for the Fourteenth Symposium on Usable Privacy and Security Adjunct (SOUPS 2018), Aug. 12-14, 2018,in Baltimore, MD, USA. USENIX Association, Berkeley, CA, USA. DOI: https://doi.org/10.13140/RG.2.2.15447.57760