Eye-Tracking Experiments on Web Security
Eye-tracking technology has undergone remarkable advancements in recent years, offering diverse applications in research. By precisely capturing participants' gaze movements, eye tracking provides insights into their visual perception and attention allocation. This innovative technology is utilized across various research domains to gain profound understanding of human behavior, cognitive processes, and interaction with the environment. PassSec+ is one application that will be evaluated in future research.
PassSec+ is a browser extension developed by SECUSO for Firefox and Google Chrome. It helps to better protect passwords, payment data, and other sensitive information by checking whether secure data input is ensured before entering such data. In case of doubt, it displays a dialog to assist the user in making decisions.
Future user studies aim to investigate the user's focus both with and without the use of supporting applications such as PassSec+ and assess its effectiveness in phishing prevention. The setup and structure of the study have already been predetermined.
Informational Material
The following applications are evaluated using eye-tracking to gain insights through metrics such as fixations on security indicators:
- PassSec+ - An add-on that protects your passwords, payment data and privacy
- SMILE4VIP - Smart eMaIl Link domain Extractor to support Visual Impaired People
- TORPEDO - Add-on, dass Sie dabei unterstützt, Phishing-E-Mails zu erkennen
Research Questions
Some initial research questions that will be answered during this research:
- Where do users base their security-relevant decisions?
- Which security indicators do users observe, perceive, and utilize in their decision-making processes?
- How do users include the perecived security indicators in there security-relevant decisions?
Some of our most relevant own publications
- PassSec+ 2.0–An add-on that protects your passwords, payment data and privacy.
Veit, M.; Volkamer, M. 2022. USENIX Soups - Poster.
- Design and field evaluation of PassSec: raising and sustaining web surfer risk awareness.
Volkamer, M.; Renaud, K.; Canova, G.; Reinheimer, B.; Braun, K. 2015. Trust and Trustworthy Computing: 8th International Conference, TRUST 2015, Heraklion, Greece,
August 24-26, 2015, Proceedings 8 (pp. 104-122). Springer International Publishing
- SMILE-smart eMaIl link domain extractor.
Mossano, M.; Berens, B.; Heller, P.; Beckmann, C.; Aldag, L.; Mayer, P.; Volkamer, M. 2021. European Symposium on Research in Computer Security (pp. 403-412).
Cham: Springer International Publishing.
- Influence of URL Formatting on Users' Phishing URL Detection.
Mossano, M.; Kulyk, O.; Berens, B. M.; Häußler, E. M.; Volkamer, M. 2023. Proceedings of the 2023 European Symposium on Usable Security (pp. 318-333).