Understanding "on the go" learnability of currently popular MMO games
Learnability determines whether players will return to play a game, or adopt the game. How do upwards of 5 million daily players, not necessarily previous gamers, learn how to play popular games like PUBG and Fortnite without a tutorial ? (MMO: Massively Multiplayer Online)
Classroom based independent project for course: Learning and Experience Design at DePaul University.
THE ERA OF CASUAL & CONVENIENT GAMING
Ubiquitous and multi-platform gaming has changed the way people perceive gaming
Users' presence on the web is constantly increasing through many devices and sensors, and the risk of personal data theft is pervasive. Though a vast array of security products and information sources are available, people don't often employ safe measures.
Americans have an online account associated with their personal information, and nearly 2/3rds of those reported having experienced data theft or fraud[source]
Average number of accounts are associated with an email in the US[source], but people tend to reuse their passwords, don't use two-factor authentication, and share data over unsecured networks[source]
We are beyond the antivirus era of device security, but do people view security from the same lens?
Exponential rates of growth in consumer technology has left potential gaps in adoption of cybersecurity measures. We surveyed literature to understand what kind of gaps there may be
What put's my information at risk: A study of effectiveness of cybersecurity campaigns suggests that the reason behind the ineffectiveness of informative campaigns is a disconnect between risk perception, and applying security advice towards reducing risk [source].
The convenience/security trade-off: A study of novice and expert users employing security measures revealed that novice users perceived less benefit in following security measures, and valued convenience over expert users [source].
What can I really control: In their study of cybersecurity attitudes, PEW reported - "Many Americans do not trust modern institutions to protect their personal data – even as they frequently neglect cybersecurity best practices in their own personal lives" [source].
HOW people use the web has changed vastly over time.
DOEs that parallel a similar understanding of changes in cyber risk and safe behavior?
Our team conducted user research to understand how people perceive cybersecurity risk, and how it aligns with the way they practice secure behaviour
Drawing inferences from research, we wanted to understand:
1. Risk perception of dangers of surfing the web
2. Risky behavior
3. Perceptions of cybersecurity in light of data breaches
4. Perception of security measures in day to day behavior
The research questions across methods were the same, but different methods allowed us to explore ways of generating unfiltered responses, and corroborate our line of exploration.
Task based observations
We asked 4 participants to create new Gmail accounts, and recorded their behavior around passwords, privacy notices, and data sharing in the presence of Gmail's security suggestions on the account creation pages
We conducted interviews with 8 participants, asking about perceptions of actions in browsing and browser features, account related activity, payment related activity, and using internet on different devices. We used this data to identify trends/themes to inform our data collection in the survey
We received 38 responses on our survey designed using Qualtrics. We asked people questions similar to the interview, but a mix of open ended, single choice, multiple choice and matrix choice questions may have allowed for unbiased responses.
We conducted statistical analyses to find correlations between groups, and qualitative analyses of responses to different topics.
online survey hosted on qualtrics
findings- risk and safety perceptions
We organized our findings into themes that emerged around security concerns.
In order to understand people's risk perception , and how it affects the way they practice safe measures, we divided them into groups of high risk perception or low risk perception, and safe or unsafe practices (based on number of measures followed, with scores assigned to each measure)
The 25 people who perceived high risk from browsing were equally likely to conduct safe or unsafe practices (No correlation between high risk and safe practices in a Chi square analysis). We then qualitatively analysed participant responses to understand how they approach cyber security.
1. Risk perception was highly influenced by current news, and risk was perceived from "unsecure websites"
When we asked people to describe risk associated with browsing, 19 out of 38 survey participants mentioned data breach as a risk. 21 people mentioned website based articles as their major source of cybersecurity information
Others perceived risk from hacking, phishing and fake websites, and indicated that they perceived risk from unsecure websites
38 survey participants assigned mean scores of >3 on a scale of 1(unsecure)-5(very secure) to brand name websites, websites with privacy policies, and well designed websites
38 participants rated items on a scale of 1 (very un-secure)- 5 (very secure). this figure shows mean scores
2. Visiting secure websites to be safe, people tended to rely on browsers and brand name websites to block un-secure areas of the web
63% people were likely to rely on browsers and brand name websites to keep them safe from cyber risk. (Chi square goodness of fit, at alpha=0.10, n=38)
Participants heavily relied on the browser to block popups, unsecure websites, and harmful file downloads (See high mean scores in figure below)
Yet, when asked about what makes them safe on the web, not a single participant mentioned popup-blockers and ad-blockers
participants scored security features on how much trust their browser to handle. Figure shows mean scores for 38 participants, on the scale of 1(do not rely on browser) - 5(heavily rely on browser)
3. It seemed to be more than a matter of convenience. People did not rely on the browser for the safety of their passwords and payment information, and actively took measures.
For sensitive data such as passwords and payment information, 16 participants reported that they don't rely on the browser (See low mean scores in figure above)
Participants mentioned using safe passwords, changing passwords, not saving credit card information
18 out of 38 mentioned a combination of numbers, special characters, letters for safe passwords, 19 mentioned using two-factor authentication, and many used 3rd party softwares such as Apple Pay for payment information
4. People perceived browsing to be secure on trusted websites, but they did not perceive control over the personal data they share with these websites when creating accounts or conducting transactions
25 out of 38 participants mentioned their trust in brand name websites to keep their data safe, and cited visiting trustworthy websites as a safe practice. One of the factors affecting website trust was the presence of a privacy notice
In the task-based observation of creating a Gmail account, participants briefly scrolled through the privacy notice and did not read the content
17 out of 38 survey respondents mentioned never changing autofill default settings, but did not particularly think of autofill as secure.
Control of data sharing was hidden under a "more options" link, and participants assumed that they had no choice over what data about themselves they could share
5. Beyond the idea of secure and unsecure websites, safe passwords and payment mechanisms, there seems to be a knowledge gap in terms of data at risk, and unsafe actions
Participants perceived password managers as not related to security, but remembering multiple passwords
More than half of the participants mentioned using anti-virus, but whether it was for web or device security wasn't clear
Most interview participants mentioned virus, trojan and malware as threats, but didn't mention how the threats affect their personal data
Participants indicated loss of control with the type of information being saved in autofill
Many perceived no benefit from device and application updates (which usually contain security patches)
user mental models of cyber security
Picturing a mental model of user perceptions of risk and security on the web beyond passwords
Risk associated with unsecure websites, rather than unsecure actions
People tended to associate risk with unsecure websites, and relied on their browsers to block unsecure websites
As a safety practice, they accessed trusted websites, but did not particularly focus on safety measures such as sharing passwords, connecting to free networks and security updates
The idea of what data is at risk, and what puts it at risk is unclear, limited to unsafe passwords or websites. People assumed no control over what data they can share when creating accounts
Most people used autofill, but did not edit browser settings to control what information is saved
Participants mentioned data breach, hacking and identity theft as risk on unsecure websites, but did not associate risk with their actions while browsing
Safe and unsafe areas of the web, and visiting trusted websites as secure behavior
More information about what data is at risk, such as contact information, browsing history and user profiles
Educating users by mapping web behavior to risk
Promote an understanding of secure and unsecure actions while browsing, such as using form autofill
Make existing security mechanisms more explicit, such as push notifications for updates with security patches, or warnings while connecting to public networks
Design of products with trust and privacy as core values, such as providing the right security information in a digestible form