Security When it is Welcome: Exploring Device Purchase as an Opportune Moment for Security Behavior Change

Abstract

Many security experts bemoan that consumers behave insecurely. Yet, current approaches to improving behavior either fail to consider when people may be most receptive to an intervention, or only consider experiences of threat (e.g., getting hacked) when identifying opportune moments for behavior change. We instead explore how an exemplar, positive experience – buying a new device – can serve as a “security trigger moment”. Through in-situ interviews with customers (n=85) and sales staff (n=21) across four branches of a major UK retailer, we characterise the potential for behavior change during device purchase. Further, rather than assuming that users are always ready for an intervention, we explore how the abilities and motivations of users and sales staff can influence the power of a security trigger moment to drive behavior change. Our work lays the foundation for identifying additional trigger moments and deploying targeted interventions when they are most welcome