Embed Size (px)
Citation preview
1
Older Users, Children and Information Assurance
Jonathan Lazar and Jinjuan Feng
Overview Older users and IA applications
Background on older users Online security for older users Security related concerns for older users Older users and specific IA applications
Children and IA applications Background on children Children and IA applications Addressing children’s needs
2
How many older users go online?
Statistics from 2009: 38% of adults 65 and older in the USA go online 26% of adults 65 and older in the USA have
broadband access at home Less likely to use hand-held devices or smart
phones for Internet access 56% of internet users ages 64-72 and 47% of
internet users age 73 and older purchase items online
74% of internet users age 64+ send and receive e-mail
All data from www.pewinternet.org
Background on older users
There are many different definitions for “older” or “mature” users 65 and older? 80 and older? There IS a difference!
Different generations have different levels of computer experience Those in their 50s have much higher computer
experience levels, much higher access levels, and this is not expected to decline much as they age
So there is expected to be a greater number of “older users” in the future
But each older user has their own unique set of strengths and challenges
Background on older users
Cognitive, perceptual, and motor abilities all decline with age This is gradual, which is different from many who
have impairments or disabilities Frequent problems include:
More challenges with fine-motor skills Need larger clickable icons Need more time to respond More frustration with errors and error messages Trouble dealing with multiple application windows Make sure that interfaces work if a user is
keyboard-only
Web design for older users
Guidelines from the US National Institutes on Aging suggest: Minimum 12 point font Using only sans serif fonts (such as Arial,
Helvetica, and Verdana) Left-justified text with plenty of white space Limiting use of pull-down menus Limiting use of scrolling text Provide a site map
From www.nlm.nih.gov/pubs/checklist.pdf
Online security for older users
As people get older (especially into their 80s and 90s), they may have limited mobility, and limited ability to drive a car
Therefore, this is potentially a big market for food and clothing shopping, banking, news, and other forms of e-commerce
Older users are most likely to use the web for information searches, e-mail, and buying products.
We also know that older users frequently use facebook
All of these types of sites are heavy users of security
Something to think about…
Older users are often worried about being taken advantage of, of scams, of identity theft
For older users, web experience (their usage patterns) may be very different from web expertise (how confident and knowledgeable they are)
Older users need to learn about the web in a more collaborative fashion than they currently do, as more collaborative web learning actually improves web expertise
But again, not all older users have degraded abilities, it depends on the individual
Security-related concerns for older users
Memory Short-term memory limitations may be
problematic for passwords Mobility
Older users may have coordination problems, so very accurate pointing should not be required
Vision Older users should not be required to observe very
fine details on the screen From McEwan, Gulliksen, and Benyon, 2005
Security-related concerns for older users
Time While older users may need more time to complete
a security mechanism, they are also less likely to be impatient, and therefore are more willing to take time to complete the security mechanism
Special equipment If any special equipment must be installed at the
user’s home or workplace for security reasons, this may be problematic
Some form of user modeling or adaptive interfaces may help meet the specific needs of each user
From McEwan, Gulliksen, and Benyon, 2005
Common forms of web security
Passwords Security questions Human Interaction Proofs (HIPs) Biometrics
Passwords
In general, people often choose passwords that are not complex enough, and are easy to break. And then they re-use the same passwords on multiple accounts
Remembering passwords becomes more difficult with advanced age
If passwords must be complex and changed often, chances are good that they will be written down
Often, cues (hints) can help jog user memory about the nature of their password But the cues must be vague enough that they
would not help an outsider gain access
Security questions
If security questions are commonly understood ones (e.g. “in what city were you born?”), older users should not have any problem with them
Make sure that security questions are relevant to older users Don’t ask, “what is your favorite video game?”
You also can ask users to create their own security questions But often, these wind up being easy to crack
(e.g. “Who is the President of the United States?”)
Security questions
Security questions only become problematic if someone starts to have cognitive limitations such as Dementia
Remember to ask security questions with answers that do not change over time
Human Interaction Proofs
Human interaction proofs, most commonly implemented as CAPTCHAs, require users to complete a challenge
The challenge is to determine the difference between a human user and an automated software bot or virus
Human interaction proofs
HIPs come in both visual and audio format The most popular HIPs have distortion so that
bots or viruses cannot crack them using image or sound recognition
The distortion in HIPs, coupled with the decrease in visual and hearing ability, are what causes the HIPs to be problematic for older users
It is not known yet whether HIPs that do not use distortion would be problematic as well
Biometrics
Biometrics seem to be ideal for older users, since it does not rely on users remembering anything or being able to complete any specific tasks
Fingerprints seem to work well, but vein recognition (where the vein structure in the palm of the hand is used) seems to have even higher accuracy
Instructions, and where users must place hand/finger, must be clear and unambiguous
Biometrics
Voice recognition and iris/retina scanning could potentially be effective for older users, but it depends on the individual user
What happens if some users have degraded voice quality, trembling voice, or cataracts?
Allowing for multiple forms of acceptable biometrics will be most effective
Is biometrics cost-effective for most web sites?
Little research has been done on biometrics and older users
Default settings
Older users are not likely to change the default settings Settings for information sharing on Facebook Settings for software installation Factory-installed settings
Older users need to be made aware of how to change security settings, as well as information sharing settings
Potential approaches
Smart cards are ideal for older users, since they require no additional cognitive load, however, they are infrequently used for web sites, unless it’s a secure workplace web site
Handwriting recognition, where the users have to recognize their own handwriting out of a group of handwriting segments, has potential for older users, however, there is a large set-up in terms of overhead
McEwan, Gulliksen, and Benyon, 2005
Potential approaches
Older users are often not aware of the distinctions involved in what makes a site secure They do not notice the marks of credibility
within a web page or browser, which often are small and hard to notice
Older users need more instruction on evaluating the credibility of various web sites and e-mails, so that they do not fall victim to phishing scams
Need to know more about anti-virus software
How are children different?
Computers and the internet have become an important part of the everyday life for many children
Children are very different from adults in motor, cognitive, and perceptual skills (see to the figure on the following slide)
At around age 12, most children acquire similar cognitive, motor, and perceptual skills as adults. The difference between them and adults mainly lies in interests and tastes.
22
Development path of children
23
Children and IA applications Although children are unlikely to get
involved in online shopping or banking activities, they still encounter IA applications when using emails or access specific online information
Children are also likely to be trusting, making them vulnerable to online predators
24
Children and authentication mechanisms Due to limited cognitive abilities,
children may have problem understanding why authentication is needed and how it works
It is also challenge for them to remember the user name and password
Entering the user name and password correctly in a timely manner can be another challenge
25
Address children’s needs Existing research on children and IA applications
is extremely limited One fundamental challenge is to lower the
cognitive demand for the existing security and privacy related mechanisms while preserving the desired level of protection
Passwords based on mnemonic phrases may be more appropriate for children
New security models that adapt to the children’s needs and threats may be a potential solution
26
General design guidelines for children The design needs to consider the evolving
skills of children as they grow older Instructions and menu design need to consider
the users’ reading level The font size should not be too small The design need to consider children’s short
attention span Iconic language might be considered to deliver
specific information or concepts
27
