"It's Time. Time for Digital Security.": An End User Study on Actionable Security and Privacy Advice

Digital security advice is the focus of much research, with unsatisfying results: End users do not follow experts' security advice, and users and experts struggle to prioritize existing advice. Several studies point out that users are over-whelmed by the amount of available security advice, and make recommendations on how to improve existing advice. Nevertheless, we still do not know how to effectively give security advice. Inspired by daily habit apps, we developed a set of 30 pieces of short and actionable advice, and the Security App, an Android smartphone app to provide this advice to end users, to reduce mental effort, and to build secure habits. We conducted a 30-day online end-user (N=74) study to evaluate whether the set of advice is actionable and meaningful to users, whether users adopt the advice, and whether the app has an impact on security awareness and behavior. Our results show that the app is an appropriate tool to provide security advice to end users. Participants perceive the majority of tasks as comprehensible, actionable, and useful, and we show that the app in fact introduces secure behaviors. Our results can serve as a basis for future research on security advice and creating secure habits, and the possibility to effectively teach secure behavior.