Skip to main content
SpringerLink
Log in

“I’m Doing the Best I Can.”

Understanding Technology Literate Older Adults’ Account Management Strategies

  • Conference paper
  • First Online:
Socio-Technical Aspects in Security (STAST 2021)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13176))

Included in the following conference series:

Abstract

Older adults are becoming more technologically proficient and use the internet to participate actively in society. However, current best security practices can be seen as unusable by this population group as these practices do not consider the needs of an older adult.

Aim. We aim to develop a better understanding of digitally literate, older adults’ online account management strategies and the reasons leading to their adoption.

Method. We carry out two user studies (n = 7, n = 5). The first of these gathered information on older adults’ account ecosystems and their current online security practice. In the second, we presented security advice to the same group of older adults facilitated by a bespoke web application. We used this to learn more about the reasons behind older adults’ security practices by allowing them to reflect on the reported security vulnerabilities in account ecosystems.

Results. Our participants are aware of some online security practices, such as not to reuse passwords. Lack of trust in their own memory is a critical factor in their password management and device access control strategies. All consider finance-related accounts as their most important accounts, but few identified the secondary accounts (e.g. emails for account recovery) or devices that provide access to these as very important.

Conclusions. Older adults make a conscious choice to implement specific practices based on their understanding of security, their trust in their own abilities and third-parties, and the usability of a given security practice. While they are well-aware of some best security practices, their choices will be different if the best security practice does not work in their personal context.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 59.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 79.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Age UK: Computer training courses - it training services, August 2020. https://www.ageuk.org.uk/services/in-your-area/it-training/. Accessed 21 Sept 2021

  2. Age UK: Uncovering the extent of cybercrime across the UK, June 2020. https://www.ageuk.org.uk/discover/2020/06/cybercrime-uk/. Accessed 21 Sept 2021

  3. Alves, L.M., Wilson, S.R.: The effects of loneliness on telemarketing fraud vulnerability among older adults. J. Elder Abuse Negl. 20(1), 63–85 (2008)

    Article  Google Scholar 

  4. Bonneau, J.: The science of guessing: analyzing an anonymized corpus of 70 million passwords. In: IEEE Symposium on Security and Privacy, SP 2012, 21–23 May 2012, San Francisco, California, USA, pp. 538–552. IEEE Computer Society (2012)

    Google Scholar 

  5. Caine, K.: Local standards for sample size at CHI, pp. 981–992. Association for Computing Machinery, New York (2016)

    Google Scholar 

  6. Carpenter, B.D., Buday, S.: Computer use among older adults in a naturally occurring retirement community. Comput. Hum. Behav. 23(6), 3012–3024 (2007)

    Article  Google Scholar 

  7. Crabb, M., Menzies, R., Waller, A.: The user centre. In: History of HCI 2020 (2020)

    Google Scholar 

  8. Das, A., Bonneau, J., Caesar, M., Borisov, N., Wang, X.: The tangled web of password reuse. In: NDSS, vol. 14, pp. 23–26 (2014)

    Google Scholar 

  9. Egelman, S., Cranor, L.F., Hong, J.: You’ve been warned: an empirical study of the effectiveness of web browser phishing warnings. In: Proceedings SIGCHI Conference on Human Factors in Computing Systems, pp. 1065–1074 (2008)

    Google Scholar 

  10. Fagan, M., Albayram, Y., Khan, M.M.H., Buck, R.: An investigation into users’ considerations towards using password managers. HCIS 7(1), 1–20 (2017)

    Google Scholar 

  11. Flick, U.: The SAGE Handbook of Qualitative Data Analysis. Sage (2013)

    Google Scholar 

  12. Florencio, D., Herley, C.: A large-scale study of web password habits. In: Proceedings 16th International Conference on World Wide Web, pp. 657–666 (2007)

    Google Scholar 

  13. Frik, A., Nurgalieva, L., Bernd, J., Lee, J., Schaub, F., Egelman, S.: Privacy and security threat models and mitigation strategies of older adults. In: 15th Symposium Usable Privacy and Security (SOUPS 2019), pp. 21–40. USENIX Association (2019)

    Google Scholar 

  14. Grassi, P.A., Garcia, M.E., Fenton, J.L.: Digital identity guidelines (2017). NIST Special Publication 800-63-3 (2017)

    Google Scholar 

  15. Grassi, P.A., et al.: Digital identity guidelines: authentication and lifecycle management. NIST Special Publication 800-63B (2017)

    Google Scholar 

  16. Grimes, G.A., Hough, M.G., Mazur, E., Signorella, M.L.: Older adults’ knowledge of internet hazards. Educ. Gerontol. 36(3), 173–192 (2010)

    Article  Google Scholar 

  17. Grimes, G.A., Hough, M.G., Signorella, M.L.: Email end users and spam: relations of gender and age group to attitudes and actions. Comput. Hum. Behav. 23(1), 318–332 (2007)

    Article  Google Scholar 

  18. Hammann, S., Crabb, M., Radomirovic, S., Sasse, R., Basin, D.: I’m surprised so much is connected. In: Proceedings 2022 CHI Conference on Human Factors in Computing Systems, pp. 620:1–620:13 (2022)

    Google Scholar 

  19. Hammann, S., Radomirović, S., Sasse, R., Basin, D.: User account access graphs. In: Proceedings 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 1405–1422 (2019)

    Google Scholar 

  20. Haque, S.T., Wright, M., Scielzo, S.: A study of user password strategy for multiple accounts. In: Proceedings Third ACM Conference on Data and Application Security and Privacy, pp. 173–176 (2013)

    Google Scholar 

  21. Harbach, M., Fahl, S., Yakovleva, P., Smith, M.: Sorry, I don’t get it: an analysis of warning message texts. In: Adams, A.A., Brenner, M., Smith, M. (eds.) FC 2013. LNCS, vol. 7862, pp. 94–111. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-41320-9_7

    Chapter  Google Scholar 

  22. Hornung, D., Müller, C., Shklovski, I., Jakobi, T., Wulf, V.: Navigating relationships and boundaries: concerns around ICT-uptake for elderly people. In: Proceedings 2017 CHI Conference on Human Factors in Computing Systems, pp. 7057–7069 (2017)

    Google Scholar 

  23. Ives, B., Walsh, K.R., Schneider, H.: The domino effect of password reuse. Commun. ACM 47(4), 75–78 (2004)

    Article  Google Scholar 

  24. Kelley, P.G., et al.: Guess again (and again and again): measuring password strength by simulating password-cracking algorithms. In: IEEE Symposium Security and Privacy, SP 2012, pp. 523–537. IEEE Computer Society (2012)

    Google Scholar 

  25. Knowles, B., Hanson, V.L.: The wisdom of older technology (non)users. Commun. ACM 61(3), 72–77 (2018)

    Article  Google Scholar 

  26. Lee, N.M.: Fake news, phishing, and fraud: a call for research on digital media literacy education beyond the classroom. Comm. Educ. 67(4), 460–466 (2018)

    Article  Google Scholar 

  27. Martin, N., Rice, J.: Spearing high net wealth individuals: the case of online fraud and mature age internet users. Int. J. Inf. Secur. Priv. (IJISP) 7(1), 1–15 (2013)

    Article  Google Scholar 

  28. McDonald, N., Schoenebeck, S., Forte, A.: Reliability and inter-rater reliability in qualitative research: norms and guidelines for CSCW and HCI practice. Proc. ACM Hum. Comput. Interact. 3(CSCW), 1–23 (2019)

    Google Scholar 

  29. Moncur, W., Waller, A.: Digital inheritance. In: Proceedings RCUK Digital Futures Conference. ACM, Nottingham (2010)

    Google Scholar 

  30. National Cyber Security Centre: Improve your online security today. https://www.ncsc.gov.uk/cyberaware/home. Accessed 21 Sept 2021

  31. National Cyber Security Centre: Password administration for system owners. https://www.ncsc.gov.uk/collection/passwords/updating-your-approach. Accessed 21 Sept 2021

  32. Nicholson, J., Coventry, L., Briggs, P.: “If It’s important it will be a headline”: cybersecurity information seeking in older adults, pp. 1–11. Association for Computing Machinery, New York (2019)

    Google Scholar 

  33. OFCOM: Adults’ Media Use & Attitudes report 2020/21. https://www.ofcom.org.uk/research-and-data/media-literacy-research/adults/adults-media-use-and-attitudes. Accessed 21 Sept 2021

  34. Pearman, S., et al.: Let’s go in for a closer look: observing passwords in their natural habitat. In: Proceedings 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 295–310 (2017)

    Google Scholar 

  35. Pearman, S., Zhang, S.A., Bauer, L., Christin, N., Cranor, L.F.: Why people (don’t) use password managers effectively. In: 15th Symposium on Usable Privacy and Security (SOUPS 2019), pp. 319–338. USENIX Association, Santa Clara (2019)

    Google Scholar 

  36. Peek, S.T., et al.: Older adults’ reasons for using technology while aging in place. Gerontology 62(2), 226–237 (2016)

    Article  Google Scholar 

  37. Pilar, D.R., Jaeger, A., Gomes, C.F.A., Stein, L.M.: Passwords usage and human memory limitations: a survey across age and educational background. PLOS ONE 7(12), 1–7 (2012). https://doi.org/10.1371/journal.pone.0051067

  38. Ray, H., Wolf, F., Kuber, R., Aviv, A.J.: Why older adults (don’t) use password managers. In: 30th USENIX Security Symposium, USENIX Security 2021, pp. 73–90. USENIX Association (2021)

    Google Scholar 

  39. Redmiles, E.M., Liu, E., Mazurek, M.L.: You want me to do what? A design study of two-factor authentication messages. In: 13th Symposium on Usable Privacy and Security, SOUPS 2017. USENIX Association (2017)

    Google Scholar 

  40. Sears, A., Hanson, V.L.: Representing users in accessibility research. ACM Trans. Access. Comput. 4(2) (2012)

    Google Scholar 

  41. Shay, R., et al.: Designing password policies for strength and usability. ACM Trans. Inf. Syst. Secur. 18(4), 13:1–13:34 (2016)

    Google Scholar 

  42. Simons, J.J., Phillips, N.J., Chopra, R., Slaughter, R.K., Wilson, C.S.: Protecting older consumers 2019–2020: a report of the federal trade commission to congress (2020). https://www.ftc.gov/reports/protecting-older-consumers-2019-2020-report-federal-trade-commission. Accessed 21 Sept 2021

  43. Stobert, E., Biddle, R.: A password manager that doesn’t remember passwords. In: Proceedings 2014 New Security Paradigms Workshop, pp. 39–52 (2014)

    Google Scholar 

  44. Tennant, B., et al.: eHealth literacy and web 2.0 health information seeking behaviors among baby boomers and older adults. J. Med. Internet Res. 17(3), e70 (2015)

    Google Scholar 

  45. Tracy, S.J.: Qualitative Research Methods: Collecting Evidence, Crafting Analysis, Communicating Impact. Wiley, Oxford (2019)

    Google Scholar 

  46. Vroman, K.G., Arthanat, S., Lysack, C.: “Who over 65 is online?” Older adults’ dispositions toward information communication technology. Comput. Hum. Behav. 43, 156–166 (2015)

    Google Scholar 

  47. Wang, C., Jan, S.T., Hu, H., Bossart, D., Wang, G.: The next domino to fall: empirical analysis of user passwords across online services. In: Proceedings Eighth ACM Conference on Data and Application Security and Privacy, pp. 196–203 (2018)

    Google Scholar 

  48. Wash, R., Rader, E., Berman, R., Wellmer, Z.: Understanding password choices: how frequently entered passwords are re-used across websites. In: Twelfth Symposium on Usable Privacy and Security (SOUPS 2016), pp. 175–188 (2016)

    Google Scholar 

Download references

Acknowledgments

We are grateful to Karen Renaud for her excellent suggestions on how to improve the paper and the anonymous reviewers for the careful reading and helpful comments. We would also like to thank all members of the Bytes and Blether group at the University of Dundee that took part in this work.

Author information

Authors and Affiliations

  1. University of Glasgow, Glasgow, UK

    Melvin Abraham

  2. University of Dundee, Dundee, UK

    Michael Crabb

  3. Heriot-Watt University, Edinburgh, UK

    Saša Radomirović

Authors
  1. Melvin Abraham
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Michael Crabb
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Saša Radomirović
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Melvin Abraham , Michael Crabb or Saša Radomirović .

Editor information

Editors and Affiliations

  1. Delft University of Technology, Delft, The Netherlands

    Simon Parkin

  2. King's College London, London, UK

    Luca Viganò

Appendices

A Interview 1 Script

Demographic

  1. 1.

    What is your age bracket? (a) 60–69 (b) 70–79 (c) 80–89 (d) 90–99 (e) 100+

  2. 2.

    What sex would you classify yourself as? (a) male (b) female (c) transgender (d) non-binary (e) other (f) prefer not to say

  3. 3.

    What is/was your occupation

  4. 4.

    How do you personally rate your technological literacy?

Finding Information Security Advice

  1. 1.

    How important do you think it is to be secure online?

  2. 2.

    How do you decide what your online security practices are?

  3. 3.

    Do you face any challenges implementing online security for your situation?

  4. 4.

    How do you prefer this type of information being presented to you?

Day to Day Security

  1. 1.

    What do you do to keep yourself secure online? – Why?

  2. 2.

    Are you worried about your online security? – Why?

  3. 3.

    What do you wish was easier regarding online security?

Account Ecosystem. I will now ask you questions about your account ecosystems. For each item you introduce you will give it a nickname such as Social1, Password2 or EmailOL. This is so that you can protect your privacy and not disclose any of your passwords. Please do not share any sensitive information such as passwords and PINs. We can revisit questions you have answered.

  1. 1.

    What devices do you use to access the internet?

    1. (a)

      For each device give it a nickname. (Examples: Laptop1, WorkPhone2)

    2. (b)

      What are the login methods and things you need to access it?

      1. i.

        Give a nickname for each entity needed or refer to the nickname that entity was given if already mentioned in the interview.

      2. ii.

        Is this method a recovery method for this account?

    3. (c)

      Can you view messages and notifications on this device when it is locked?

    4. (d)

      Are there any comments you have on this device you would like to share?

    Repeat (a)–(d) for every Device.

  2. 2.

    Do you use password managers to access any of your accounts?

    1. (a)

      Give each password manager a nickname. (Examples: PM1, Manager1)

    2. (b)

      What are the login methods and things you need to access it?

      1. i.

        Give a nickname for each entity needed or refer to the nickname that entity was given if already mentioned in the interview.

      2. ii.

        Is this method a recovery method for this password manager?

    3. (c)

      Do you have open sessions (logged in permanently) with this password manager?

      1. i.

        For each open session assign a nickname for each entity or refer to the nickname that entity was given if already mentioned.

    4. (d)

      Are there any comments you have on this password manager you would like to share?

    Repeat (a)–(d) for every password manager.

The sub-questions 2(a)–2(d) are also asked for each of the Questions 3–9, replacing “password manager” by “account”.

  1. 3.

    What email addresses do you have access too?

  2. 4.

    What social media accounts do you use to stay connected?

  3. 5.

    What accounts do you have to access your online finances? What social media accounts do you use to stay connected?

  4. 6.

    What accounts do you use for online shopping? What social media accounts do you use to stay connected?

  5. 7.

    What accounts do you use for entertainment? What social media accounts do you use to stay connected?

  6. 8.

    What accounts do you use for gaming? What social media accounts do you use to stay connected?

  7. 9.

    Are there any more accounts or items you feel we have missed? What social media accounts do you use to stay connected?

  8. 10.

    Look over the passwords you mentioned.

    1. (a)

      How secure do you think your password is?

      1. i.

        Strong = A password created by a password manager.

      2. ii.

        Average = A password you made yourself that you consider strong.

      3. iii.

        Weak = A password you made yourself that you consider weak or one that does not fit in the other two categories.

    2. (b)

      What are the login methods and things you need to access this password?

      1. i.

        Give a nickname for each entity needed or refer to the nickname that entity was given if already mentioned in the interview.

      2. ii.

        Is this method a recovery method to access this password?

    3. (c)

      Are there any comments on this password you would like to share?

    Repeat (a)–(c) for every password in this category.

B Interview 2 Script

Checking the Participants Awareness of Their Security

  1. 1.

    What did you think was the most important part of your account ecosystem?

  2. 2.

    Are you aware of any account security vulnerabilities you may have?

  3. 3.

    Which of your accounts do you think are the most important to keep secure?

  4. 4.

    Are you aware of anything you can do to improve your account security?

Reflections

  1. 1.

    Were there vulnerabilities found within the analysis based on a security practice that you originally thought secure?

  2. 2.

    Are there any practices you currently do you thought were not secure but disproved by the analysis?

Rights and permissions

Reprints and permissions

Copyright information

© 2022 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Abraham, M., Crabb, M., Radomirović, S. (2022). “I’m Doing the Best I Can.” . In: Parkin, S., Viganò, L. (eds) Socio-Technical Aspects in Security. STAST 2021. Lecture Notes in Computer Science, vol 13176. Springer, Cham. https://doi.org/10.1007/978-3-031-10183-0_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-10183-0_5

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-10182-3

  • Online ISBN: 978-3-031-10183-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation