Verena Zimmermann


Last Name

Zimmermann

First Name

Verena

ORCID

0000-0002-6873-8146

Organisational unit

09775 - Zimmermann, Verena / Zimmermann, Verena

Filters

2017 - 2019212020 - 202647
Reset filters

Search Results

Publications1 - 10 of 68
  • Fear, Fun or None: A Qualitative Quest Towards Unlocking Cybersecurity Attitudes
    Item type: Conference Paper
    von Preuschen, Alexandra; Benda, Carolin; Schuhmacher, Monika Christine; et al. (2025)
    CHI '25: Proceedings of the 2025 CHI Conference on Human Factors in Computing Systems
    Employees, once seen as the weakest link in organizational cybersecurity, are now recognized as crucial defenders against malicious attacks. Thus, understanding employee attitudes towards cybersecurity, a major factor driving security behavior, is essential for protecting organizations. Using semi-structured interviews and focus groups, this study holistically explores attitudes toward cybersecurity, its influencing factors, and the employees' needs for fostering positive attitudes. The study offers in-depth insights into affective, cognitive, and behavioral components of attitudes, ranging from annoyance and fear to appreciation for cybersecurity measures. Influencing key factors include (in)direct cybersecurity experiences and individual perceptions - both highlighting social influences. For developing positive attitudes, employees express needs related to the company's social and cultural framework, communication styles, educational contents and formats. The study contributes to developing effective security strategies that address the individual, social, and organizational factors that shape cybersecurity attitudes, ultimately promoting a stronger organizational security.
  • Improving the Usability and UX of the Swiss Internet Voting Interface
    Item type: Conference Paper
    Marky, Karola; Zimmermann, Verena; Funk, Markus; et al. (2020)
    CHI '20: Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems
    Up to 20% of residential votes and up to 70% of absentee votes in Switzerland are cast online. The Swiss system aims to provide individual verifiability by different verification codes. The voters have to carry out verification on their own, making the usability and UX of the interface of great importance. To improve the usability, we first performed an evaluation with 12 human-computer interaction experts to uncover usability weaknesses of the Swiss Internet voting interface. Based on the experts' findings, related work, and an exploratory user study with 36 participants, we propose a redesign that we evaluated in a user study with 49 participants. Our study confirmed that the redesign indeed improves the detection of incorrect votes by 33% and increases the trust and understanding of the voters. Our studies furthermore contribute important lessons for designing verifiable e-voting systems in general.
  • Promoting secure Email communication and authentication
    Item type: Conference Paper
    Zimmermann, Verena; Henhapl, Birgit; Gerber, Nina; et al. (2017)
    Mensch und Computer 2017 - Workshopband
    Nowadays, the possibility to communicate securely is crucial for users in the private as well as in the business context. However, to do so they have to face problems regarding mismatching mental models of encryption and bad usability not only concerning the encryption, but also the authentication process. To solve this problem, we evaluate users perception on encryption and authentication schemes in order to (1) derive a process, which is more in line with their expectations and (2) use authentication schemes which provide security but also achieve a high acceptance rate from users. We plan to integrate our findings into a prototypical software in order to evaluate users acceptance for our technical approach.
  • Hybrid password meters for more secure passwords – a comprehensive study of password meters including nudges and password information
    Item type: Journal Article
    Zimmermann, Verena; Marky, Karola; Renaud, Karen (2022)
    Behaviour & Information Technology
    Supporting users with secure password creation is a well-explored yet unresolved research topic. A promising intervention is the password meter, i.e. providing feedback on the user's password strength as and when it is created. However, findings related to the password meter's effectiveness are varied. An extensive literature review revealed that, besides password feedback, effective password meters often include: (a) feedback nudges to encourage stronger passwords choices and (b) additional guidance. A between-subjects study was carried out with 645 participants to test nine variations of password meters with different types of feedback nudges exploiting various heuristics and norms. This study explored differences in resulting passwords: (1) actual strength, (2) memorability, and (3) user perceptions. The study revealed that password feedback, in combination with a feedback nudge and additional guidance, labelled a hybrid password meter, was generally more efficacious than either intervention on its own, on all three metrics. Yet, the type of feedback nudge targeting either the person, the password creation task, or the social context, did not seem to matter much. The meters were nearly equally efficacious. Future work should explore the long-term effects of hybrid password meters in real-life settings to confirm the external validity of these findings.
  • High-reliability organizations invest in resilience
    Item type: Book Chapter
    Dekker, Sidney; Zimmermann, Verena; Woods, David D. (2023)
    Human Factors in Aviation and Aerospace
    Findings about high-reliability organizations (HRO) capture the efforts that people make, at all levels of an organization, to learn and adapt to ensure safe operations despite variability, increasing complexity, and changing risks. The HRO empirical research base shows how safety originates in the interactions between the operational and leadership activities of people. The high-reliability organization perspective is relevant in aviation because the industry has worked to systematize processes for learning from incidents and accidents. HRO also has been one contributor to the rise of Resilience Engineering which leans forward in time to make learning more proactive and, thus, management more adaptive. High Resilience Organizations focus on how people are a source of adaptive capacity that regularly defuses trouble before it becomes visible in traditional management information channels. This shifts what is informative for management. One example is monitoring how managerial decisions and activities can create difficult conflicts and tight pressures that squeeze operations in critical periods. Other key findings include: HROs do not take a record of past reliability for granted as this undermines proactive learning. HROs keep wondering why operations are successful regularly, and they see people as primarily responsible for such resilient performance. HROs consider how ongoing changes in the environment, organization, and technology change risks. These forms of information can help make safety management highly adaptive and proactive.
  • Assessing Users’ Privacy and Security Concerns of Smart Home Technologies
    Item type: Journal Article
    Zimmermann, Verena; Gerber, Paul; Marky, Karola; et al. (2019)
    i-com
    Smart Home technologies have the potential to increase the quality of life, home security and facilitate elderly care. Therefore, they require access to a plethora of data about the users’ homes and private lives. Resulting security and privacy concerns form a relevant barrier to adopting this promising technology. Aiming to support end users’ informed decision-making through addressing the concerns we first conducted semi-structured interviews with 42 potential and little-experienced Smart Home users. Their diverse concerns were clustered into four themes that center around attacks on Smart Home data and devices, the perceived loss of control, the trade-off between functionality and security, and user-centric concerns as compared to concerns on a societal level. Second, we discuss measures to address the four themes from an interdisciplinary perspective. The paper concludes with recommendations for addressing user concerns and for supporting developers in designing user-centered Smart Home technologies.
  • The Nudge Puzzle: Matching Nudge Interventions to Cybersecurity Decisions
    Item type: Journal Article
    Zimmermann, Verena; Renaud, Karen (2021)
    ACM Transactions on Computer-Human Interaction
    Nudging is a promising approach, in terms of influencing people to make advisable choices in a range of domains, including cybersecurity. However, the processes underlying the concept and the nudge’s effectiveness in different contexts, and in the long term, are still poorly understood. Our research thus first reviewed the nudge concept and differentiated it from other interventions before applying it to the cybersecurity area. We then carried out an empirical study to assess the effectiveness of three different nudge-related interventions on four types of cybersecurity-specific decisions. Our study demonstrated that the combination of a simple nudge and information provision, termed a “hybrid nudge,” was at least as, and in some decision contexts even more effective in encouraging secure choices as the simple nudge on its own. This indicates that the inclusion of information when deploying a nudge, thereby increasing the intervention’s transparency, does not necessarily diminish its effectiveness. A follow-up study explored the educational and long-term impact of our tested nudge interventions to encourage secure choices. The results indicate that the impact of the initial nudges, of all kinds, did not endure. We conclude by discussing our findings and their implications for research and practice.
  • That Depends – Assessing User Perceptions of Authentication Schemes across Contexts of Use
    Item type: Working Paper
    Zimmermann, Verena; Gerber, Paul; Stöver, Alina (2022)
    arXiv
    Choosing authentication schemes for a specific purpose is challenging for service providers, developers, and researchers. Previous ratings of technical and objective aspects showed that available schemes all have strengths and limitations. Yet, the security of authentication also relies on user perceptions which affect acceptance and user behaviour and can deviate from technical aspects. To shine light on the issue and support researchers, developers, and service-providers confronted with authentication choice, we conducted an in-depth analysis of user perceptions of the password, fingerprint, and a smartphone-based scheme in an online study with 201 participants. As authentication is a secondary task that needs to be evaluated in the context of authentication purpose, we also compared perceptions across four contexts of use with varying sensitivity levels: email accounts, online banking, social networks, and smart homes. The results revealed how perceptions of usability, security, privacy, trust, effort, and qualitative features of the schemes are related to user preferences. The results increase awareness for the influence of subjective perceptions and have practical implications for decision-makers. They can inform a) the choice between several adequate schemes, b) the authentication design to reduce concerns or security-related misconceptions, and c) the development of context-dependent authentication.
  • Smart cities as a testbed for experimenting with humans? - Applying psychological ethical guidelines to smart city interventions
    Item type: Journal Article
    Zimmermann, Verena (2023)
    Ethics and Information Technology
    Smart Cities consist of a multitude of interconnected devices and services to, among others, enhance efficiency, comfort, and safety. To achieve these aims, smart cities rely on an interplay of measures including the deployment of interventions targeted to foster certain human behaviors, such as saving energy, or collecting and exchanging sensor and user data. Both aspects have ethical implications, e.g., when it comes to intervention design or the handling of privacy-related data such as personal information, user preferences or geolocations. Resulting concerns must be taken seriously, as they reduce user acceptance and can even lead to the abolition of otherwise promising Smart City projects. Established guidelines for ethical research and practice from the psychological sciences provide a useful framework for the kinds of ethical issues raised when designing human-centered interventions or dealing with user-generated data. This article thus reviews relevant psychological guidelines and discusses their applicability to the Smart City context. A special focus is on the guidelines’ implications and resulting challenges for certain Smart City applications. Additionally, potential gaps in current guidelines and the limits of applicability are reflected upon.
  • Public perceptions of Frankfurt Airport's value - A survey approach
    Item type: Journal Article
    Zimmermann, Verena; Felscher-Suhr, Ute; Vogt, Joachim (2018)
    Journal of Air Transport Management
    The public perception of an organization's contribution to society is of importance not only for society but also for the organization itself, e.g., in terms of customer satisfaction or standing in society. This research uses a multi-dimensional Public Value (PV) approach according to Meynhardt to explore the public perceptions of the airport system Frankfurt. In a two-step approach PV components were first collected by using an expert interview and a literature review and then evaluated by means of an online questionnaire that was answered by N = 577 residents. The highest perceived values were achieved in the dimensions economic value and task fulfilment. However, the results revealed significant differences between the current and the desired state of all five PV dimensions that also included ethics, social cohesion and quality of life. The results are discussed in relation to other findings in the literature.
Publications1 - 10 of 68