End users’ perceptions of breached credential warnings



The widespread availability of usernames and passwords exposed by data breaches remains a big threat to users and companies. According to the Verizon 2021 Data Breach Investigations Report, credentials are the primary means by which an adversary hacks into an organization, with 61% of breaches attributed to leveraged credentials. To better protect users’ credentials, companies have begun checking if their users’ credentials appear in breaches, and, if so, they deploy further protections (e.g., suggest for users to change their passwords). However, there has been no research conducted to understand end-users’ perceptions of breached credential warnings. As Google has announced that Chrome’s Safety Check feature is being used 14 million times every week, there is a need to study the end-users’ perspective of such a feature to better support their needs.

This project aims at bridging these aforementioned knowledge gaps by aiming to:

  1. explore users’ understandings of the feature
  2. explore users’ (possible) concerns about the feature, and
  3. identify users’ (possible) perceived challenges in terms of interacting with the feature.