Other measures simply appear during the daily use of IT systems, for example SSL warnings or Android Permissions. In both cases, however, the intended protection is only effective if the user chooses to adopt, i.e. chooses to apply or mind, this measure. If the less secure iTAN method is preferred over the more secure chipTAN or if the Android permission screen is routinely dismissed without even looking at the presented information, then these measures are useless. Thus, the question arises why certain security measures cannot deliver the intended protection to end users and how such problems can be alleviated. This talk will address these questions using two examples, discussing factors that act as barriers to adoption, as well as a potential solution that leverages more effective risk communication to overcome existing adoption problems.

This talk will be held in English