Abstract
Individual and organizational computer security rests on how people interpret and use the security information they are presented. One challenge is determining whether a given URL is safe or not. This paper explores the visual behaviors that users employ to gauge URL safety. We conducted a user study on 20 participants wherein participants classified URLs as safe or unsafe while wearing an eye tracker that recorded eye gaze (where they look) and pupil dilation (a proxy for cognitive effort). Among other things, our findings suggest that: users have a cap on the amount of cognitive resources they are willing to expend on vetting a URL; they tend to believe that the presence of www in the domain name indicates that the URL is safe; and they do not carefully parse the URL beyond what they perceive as the domain name.
| Original language | English (US) |
|---|---|
| Title of host publication | Proceedings ETRA 2020 Full Papers - ACM Symposium on Eye Tracking Research and Applications |
| Editors | Stephen N. Spencer |
| Publisher | Association for Computing Machinery |
| ISBN (Electronic) | 9781450371339 |
| DOIs | |
| State | Published - Feb 6 2020 |
| Externally published | Yes |
| Event | 2020 ACM Symposium on Eye Tracking Research and Applications, ETRA 2020 - Stuttgart, Germany Duration: Jun 2 2020 → Jun 5 2020 |
Publication series
| Name | Eye Tracking Research and Applications Symposium (ETRA) |
|---|
Conference
| Conference | 2020 ACM Symposium on Eye Tracking Research and Applications, ETRA 2020 |
|---|---|
| Country/Territory | Germany |
| City | Stuttgart |
| Period | 6/2/20 → 6/5/20 |
Bibliographical note
Publisher Copyright:© 2020 ACM.
Keywords
- cognitive psychology
- eye tracking
- phishing
- reading
- usable security
- user study