User Perceptions of Security Risks in Multiple Authentications

Abstract

Authentication is an everyday practice in the information economy. When people use Facebook, Google, or Twitter to log in a third-party app they perform tertiary authentications. Authentication is often the only protection users have for personal information held by platforms and third parties. This personal information and the metadata produced by people has an exchange value for platform operators. This dissertation explores people's perceptions of security and confidentiality as they perform tertiary authentications and how platform operators benefit from data generated in the process. The research design consisted of a 20-participants experiment and a policy analysis reviewing privacy and security policies of Facebook, Google, and Twitter answered these questions. What is the extent of the interplay between security and usability for platform operators that are commodifying from users' personal data through tertiary authentication; how are people managing and controlling their security and confidentiality as they perform tertiary authentications and what are the implications of those actions for users’ perception of identity and privacy, and; which conditions and variables create a perception of false security in users performing tertiary authentications, and what factors of tertiary authentication affect users’ sense of security? Through diagrammatic representations of their mental models and a questionnaire, the experiment measured how the test and control groups rated the value of their personal information after reviewing platform policies and how they managed their data when offered the chance to adjust their security and privacy settings before performing tertiary authentications. Results show that while participants tried to secure their data, they were not as aware of commodification processes. Guided by the transactional token framework used to theorize the process of commodification of people's personal information when performing authentication, the policy analysis explains how platform operators commodify users’ data. This framework is a dialectic model that analyzes at once authentication and the monetization of attention while focusing on tertiary authentication. It unearths strategies used by platforms operators to collect users’ information through their interaction with gamified security and privacy settings. It is argued that tertiary authentication which protects users’ personal information sacrifices security for usability’s sake. Security becomes a feature which people unknowingly interact with to provide more data to platform operators.