Soteria: A Persuasive eSecurity Assistant
“…security is only as good as the weakest link, and people are the weakest link in the chain.” – B Schneier, 2002 Humans are often referred to as the “weakest link” in the security chain because of the poor security decisions taken by them. There can be many reasons for these decisions, such as lack of understandability of the software, lack of education, and lack of relevant information required to do that particular action. In this Thesis, we focus on the lack of relevant information required at the time of performing the action. In order to provide the user with relevant required at the time of performing an action, such as authentication using password, we created an eSecurity Assistant called Soteria. For the possible ways of delivering the information, we acquired the input of the actual user space. We conducted two mutually supporting user studies. The first study was an online questionnaire that was aimed at asking users whether they needed any security advice, and if they did, what the best way to deliver it to them was. The second study was a lab based study that was conducted on the basis of the results we obtained from the first study. We built a mockup design for Soteria on the basis of the results of this study and did the second user study to test the usability and acceptability of the system. Statistical analysis of both studies provide evidence that users do need help while they take security related decisions and were willing to get interrupted if the security of their smartphone was at stake.