Users' conceptions of web security: A comparative study

Batya Friedman, David Hurley, Daniel C. Howe, Edward Felten, Helen Nissenbaum

Research output: Contribution to conferencePaperpeer-review


This study characterizes users' conceptions of web security. Seventy-two individuals, 24 each from a rural community in Maine, a suburban professional community in New Jersey, and a high-technology community in California, participated in an extensive (2-hour) semi-structured interview (including a drawing task) about Web security. The results show that many users across the three diverse communities mistakenly evaluated whether a connection is secure or not secure. Empirically-derived typologies are provided for (1) conceptions of security based on users' verbal reasoning, (2) the types of evidence users depend upon in evaluating whether a connection is secure, and (3) conceptions of security as portrayed in users' drawings. Design implications are discussed.

Original languageEnglish (US)
Number of pages2
StatePublished - 2002
EventConference on Human Factors in Computing Systems - Minneapolis, MN, United States
Duration: Apr 20 2002Apr 25 2002


OtherConference on Human Factors in Computing Systems
Country/TerritoryUnited States
CityMinneapolis, MN


  • Security
  • User conceptions
  • User differences
  • User models
  • Value-sensitive design
  • WWW
  • Web models
  • Web security

ASJC Scopus subject areas

  • Software
  • Human-Computer Interaction
  • Computer Graphics and Computer-Aided Design

Cite this