SPEX - Security and Privacy Experiences research group in the Department of Software and Information Systems, College of Computing and Informatics, University of North Carolina at Charlotte

The Security and Privacy Experiences (SPEX) research group focuses on people as risk navigators within a web of social relationships, systems, and computation-in-the-loop.

To improve understanding of people's lived experiences and empower users to keep themselves and their loved ones safe, we draw on methods from human-computer interaction, design, software engineering, data science + applied statistics, and social psychology.

Find us on the 3rd floor of Woodward Hall in the Department of Software and Information Systems, College of Computing and Informatics, University of North Carolina at Charlotte. We also are on Facebook, Mastodon and Twitter.

Research Thrusts + Current Projects

Empirical Research

Improving usability of professional security tools
Who falls for SMS text message scams ("SMiShing") and why [Preprint]
Phishing and ransomware attacks on distributed energy resources
Security + privacy concerns for vulnerable users of social media
Categorizing "dangerous" vs. hateful memes at scale

Everyday Interventions

Cybersecurity Buddy program [Poster]
Security/Privacy "Fitness" Tracker

Adoption Strategies

Psychometric scales and models
- Attitude measures: [The SA-6 scale] [The SA-13 scale] [Take the Security Attitude quiz]
- Behavior measures: [The RSec inventory]
Security Score for end users [Poster]
Behavior change models:
- For Individuals: [Security & Privacy Acceptance Framework]
- For Social Groups: [Security Adoption Process Model]
Password manager adoption [Preprint]

Research Papers

Cori Faklaris, Heather Richter Lipford, and Sarah Tabassum. 2023. Preliminary Results from a U.S. Demographic Analysis of SMiSh Susceptibility. arXiv [cs.HC] preprint and white paper, 29 pages. University of North Carolina at Charlotte. Available at: https://arxiv.org/abs/2309.06322
Sauvik Das, Cori Faklaris, Jason I. Hong, and Laura A. Dabbish. 2022. The Security & Privacy Acceptance Framework (SPAF). Foundations and Trends® in Privacy and Security (December 2022): Vol. 5: No. 1-2, pp 1-143. http://dx.doi.org/10.1561/3300000026. Available at: https://corifaklaris.com/files/spaf_preprint.pdf
Serena Wang, Cori Faklaris, Junchao Lin, Jason I. Hong, and Laura Dabbish. 2022. "It's Problematic but I'm not Concerned": University Perspectives on Account Sharing. In Proc. ACM Hum.-Comput. Interact. 6, CSCW1, Article 68 (April 2022), 27 pages. ACM, New York, NY, USA. Available at: https://corifaklaris.com/files/campus_sharing.pdf
Cori Faklaris, Laura Dabbish, and Jason I. Hong. 2022. Do They Accept or Resist Cybersecurity Measures? Development and Validation of the 13-Item Security Attitude Inventory (SA-13). arxiv [cs.CR] preprint and white paper, 55 pages. Carnegie Mellon University. Available at: https://socialcybersecurity.org/files/SA13paper.pdf
Cori Faklaris, Laura Dabbish, and Jason I. Hong. 2022. Experimental Evidence for Using a TTM Stages of Change Model in Boosting Progress Toward 2FA Adoption. arxiv [cs.HC] preprint and white paper, 41 pages. Carnegie Mellon University. Available at: https://arxiv.org/abs/2205.06937
Yunpeng Song, Cori Faklaris, Zhongmin Cai, Jason I. Hong, and Laura Dabbish. 2019. Normal and Easy: Account Sharing Practices in the Workplace. In Proceedings of the ACM: Human-Computer Interaction, Vol. 3, Issue CSCW, November 2019. ACM, New York, NY, USA. Available at: https://socialcybersecurity.org/files/CSCW2019_NormalAndEasy.pdf
Cori Faklaris, Laura Dabbish and Jason I. Hong. 2019. A Self-Report Measure of End-User Security Attitudes (SA-6). In Proceedings of the Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019). USENIX Association, Berkeley, CA, USA. Available at: https://www.usenix.org/system/files/soups2019-faklaris.pdf
Cheul Young Park, Cori Faklaris, Siyan Zhao, Alex Sciuto, Laura Dabbish and Jason I. Hong. 2018. Share and Share Alike? An Exploration of Secure Behaviors in Romantic Relationships. In Proceedings of the Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018). USENIX Association, Berkeley, CA, USA. Available at: https://www.usenix.org/system/files/conference/soups2018/soups2018-park.pdf
Cori Faklaris. 2018. Social Cybersecurity and the Help Desk: New Ideas for IT Professionals to Foster Secure Workgroup Behaviors. Workshop paper in the Proceedings of the 4th Workshop on Security Information Workers (WSIW 2018), Aug. 12, 2018,in Baltimore, MD, USA. USENIX Association, Berkeley, CA, USA. DOI: https://doi. org/10.13140/RG.2.2.35580.23686

Research Posters

Akash Rajeev Bhatia and Cori Faklaris. 2023. Exploring the Impact of a Cybersecurity Buddy for Improving Attack Vulnerability. Poster and abstract for the UNC Charlotte Graduate Research Symposium, March 24, 2023, in Charlotte, NC, USA. (Second-place award, CCI.) Available at: https://spexlab.org/files/cybersecBuddy_poster.pdf
Cori Faklaris, Laura Dabbish and Jason Hong. 2018. Adapting the Transtheoretical Model for the Design of Security Interventions. Poster and abstract for the Fourteenth Symposium on Usable Privacy and Security Adjunct (SOUPS 2018), Aug. 12-14, 2018,in Baltimore, MD, USA. USENIX Association, Berkeley, CA, USA. DOI: https://doi.org/10.13140/RG.2.2.15447.57760