Abstract

Commitment devices are a technique from behavioral economics that have been shown to mitigate the effects of present bias—the tendency to discount future risks and gains in favor of immediate gratifications. In this paper, we explore the feasibility of using commitment devices to nudge users towards complying with varying online security mitigations. Using two online experiments, with over 1,000 participants total, we offered participants the option to be reminded or to schedule security tasks in the future. We find that both reminders and commitment nudges can increase users’ intentions to install security updates and enable two-factor authentication, but not to configure automatic backups. Using qualitative data, we gain insights into the reasons for postponement and how to improve future nudges. We posit that current nudges may not live up to their full potential, as the timing options offered to users may be too rigid.

Bio: Dr. Alisa Frik is a postdoctoral researcher at the International Computer Science Institute (ICSI) and the University of California, Berkeley. She works with the Usable Security and Privacy research group, under the direction of Dr. Serge Egelman. Her current projects are about usable security for emerging healthcare technologies for older adults, increasing users’ computer security compliance by reducing present bias, personalised security nudges, bystanders’ privacy, privacy concerns of domestic workers, privacy expectations regarding always listening voice assistant devices, and the effects of ad-blockers on consumers’ welfare. She has obtained a Ph.D. degree in Behavioral and Experimental Economics and Social Sciences from the University of Trento, Italy. She also spent 1 year visiting the Carnegie Mellon University, where she worked with Prof. Alessandro Acquisti. She has done research on the the impact of risk tolerance and need for control on the privacy related behaviors, and implicit measurement of privacy risk attitudes; factors affecting consumers’ trust with respect to how e-commerce websites will treat their personal information and subsequent intention to purchase from such websites. Dr. Frik’s preferred methodological tools include lab and field experiments, surveys, focus groups, interviews, and participatory design.