(What is PGP? Or two-factor authentication?)
(Who would want to "hack" me?)
(How would I encrypt e-mail, anyway?)
“When I first had a smartphone I didn’t have a code, but then I started using one because everyone around me I guess had a code so I kind of felt a group pressure to also use a code.”—(P6, Male, 29, Programmer)
“Diversification of passwords. I had the same password for every service so I wanted to pick a stronger password”—(P6, Male, 29, Programmer)
“My mother had an iPhone before I did, and she always had the block on hers… I think just because I saw her doing it, it kind of just felt like it was something I had to do too.”—(P3, Female, 22, English Student)
“So when I was an undergrad I’ve been using it since then. And this four digit PIN everybody started using it and it was a hype."—(P14, Male, 24, IT Graduate Student)
Demonstrations of insecure behavior by friends and loved ones.
“When I was interning…one of my friends and a fellow intern came to my desk and just unlocked my phone. I was surprised...He put it against the sunlight and he saw I guess the smudges my finger left. He just followed the direction. Yeah, he had access to my phone.” —(P18, Male, 20, Engineering student)
“If I walk out of the room my friends just put up a funny status...or even just look through my messages or something like that... But once that happens, I usually change my password immediately”—(P19, Male, 20, Anthropology student)
“I don't think it will be dangerous...Like, my friends...have a lot of different accounts, the same as me. But they didn't get any trouble. So I think maybe it will not be dangerous.”—(P17, Female, 34, House wife)
“That’s one thing I will never talk about.”—(P11, Male, 54, Chef)
“It depends on the context. It does become a boring subject.”—(P9, Male, 30, Programmer)
Conversations focused on raising awareness of a threat that comes into the attention of the conversation initiator.
A warning-type conversation triggered by a security or privacy breach with the goal of warning friends and loved ones about a threat.
The threat was experienced either directly by the conversation initiator or by someone close.
“When I opened the e-mail, it said that they were...in England and they didn’t have enough money to come back to the States so can you send us some money...I was probably the first to contact them that they were hacked. I’m like, ‘This isn’t right. Something strange’“—(P11, Male, 54, Chef)
“I was having a conversation with somebody and they were saying, ‘Don’t you have your passcode on there anymore?’ And I said, ‘No, it’s a pain in the butt.’ And they said, ‘Well, it’d probably be a good idea especially if you like leave it lay around on your desk or something like that…’” (P7, Female, 54, Admin. Assistant)
Conversations focused on sharing specific information about good security behaviors to solve an immediate problem or avoid a future threat.
Generally one-way conversations where the lecturer informs the listener about good security practices.
Often parents to young children, adult children to parents, or managers to employees.
“I've told them to also use the same features that I do. Like having screen locks for phones and being more careful about passwords. And not logging into public computers and just leaving them without signing out.”—(P8, Male, 31, Accountant)
“One of my co-workers told me about the whole algorithm thing...it just helps you I guess have different passwords...I guess you can...change your algorithm, depending on I guess what you want to be in it. But, ever since, I started using it.”—(P18, male, 22 years old)
2. Conversations about security and privacy are rare, but when they occur, they are primarily to warn or to teach.
3. The observability of security tool usage is a key enabler of socially triggered behavior change and conversation.