"Should I Worry?" A Cross-Cultural Examination of Account Security Incident Response

TL;DR

This study explores how users from diverse cultures respond to suspicious login incidents on Facebook, revealing common patterns and areas for improving security support through qualitative interviews.

Contribution

It provides a cross-cultural analysis of user incident response processes, highlighting key insights for enhancing digital security interventions.

Findings

Identified a common incident response process across cultures.

Revealed unique information-seeking behaviors during security incidents.

Highlighted differences in threat perception and response strategies.

Abstract

Digital security technology is able to identify and prevent many threats to users accounts. However, some threats remain that, to provide reliable security, require human intervention: e.g., through users paying attention to warning messages or completing secondary authentication procedures. While prior work has broadly explored people's mental models of digital security threats, we know little about users' precise, in-the-moment response process to in-the-wild threats. In this work, we conduct a series of qualitative interviews (n=67) with users who had recently experienced suspicious login incidents on their real Facebook accounts in order to explore this process of account security incident response. We find a common process across participants from five countries -- with differing online and offline cultures -- allowing us to identify areas for future technical development to best support user security. We provide additional insights on the unique nature of incident-response information seeking, known attacker threat models, and lessons learned from a large, cross-cultural qualitative study of digital security.