Nicholas Micallef

Swansea University | SWAN · Department of Computer Science

Social media posts that direct users to YouTube videos are one of the most effective techniques for spreading misinformation. However, it has been observed that such posts rarely get deleted or flagged. Since multi-modal misinformation that leads to compelling videos has more impact than using just textual content, it is important to characterize a...

Misinformation has developed into a critical societal threat that can lead to disastrous societal consequences. Although fact-checking plays a key role in combating misinformation, relatively little research has empirically investigated work practices of professional fact-checkers. To address this gap, we conducted semi-structured interviews with 2...

Despite receiving a lot of scrutiny and criticism, security questions are still widely adopted. Although new techniques are continuously being proposed to improve fallback authentication (i.e. security questions design), little research investigated users’ security and memorability perceptions. Previous research found that users’ perceptions are im...

We designed and developed Fakey, a game to improve news literacy and reduce misinformation spread by emulating a social media feed. We analyzed player interactions with articles in the feed collected over 19 months within a real-world deployment of the game. We found that Fakey is effective in priming players to be suspicious of articles from quest...

News feeds in virtually all social media platforms include engagement metrics, such as the number of times each post is liked and shared. We find that exposure to these signals increases the vulnerability of users to low-credibility information in a simulated social media feed. This finding has important implications for the design of social media in...

Although security questions are still widely adopted, they still have several limitations. Previous research found that using system-generated information to answer security questions could be more secure than users' own answers. However, using system-generated information has usability limitations. To improve usability, previous research proposed...

Recent revelations about data breaches have heightened users' consciousness about the privacy of their online activity. An often overlooked avenue of collection of users' personal information are registration processes and/or social logins, such as login with Facebook or Google, implemented by smartphone apps. Although the extent of social login im...

Online forms often require users to provide a lot of personal information when registering for services, which puts their privacy at risk. While recent legislation has focused on how personal data is handled by organizations, the recent Cambridge Analytica revelations expose the limitations of relying on organizations to adhere to legislation or ev...

Purpose Security questions are one of the techniques used to recover forgotten passwords. However, security questions have both security and memorability limitations. To limit their security vulnerabilities, stronger answers need to be used. As serious games can motivate users to change their security behaviour, the purpose of this paper is to expl...

Privacy nudges are a "soft-paternalistic" method to nudge (instead of force) users to make more informed privacy decisions. While previous work has shown that privacy nudges are effective in encouraging users to adjust their privacy settings, current privacy nudges are considered to be annoying. Previous research found that modalities influence the...

When using security questions most users still trade-off security for the convenience of memorability. This happens because most users find strong answers to security questions difficult to remember. Previous research in security education was successful in motivating users to change their behaviour towards security issues, through the use of serio...

Security questions are one of the mechanisms used to recover passwords. Strong answers to security questions (i.e. high entropy) are hard for attackers to guess or obtain using social engineering techniques (e.g. monitoring of social networking profiles), but at the same time are difficult to remember. Instead, weak answers to security questions (i...

Security questions are one of the techniques used to recover passwords. The main limitation of security questions is that users find strong answers difficult to remember. This leads users to trade-off security for the convenience of an improved memorability. Previous research found that increased fun and enjoyment can lead to an enhanced memorabili...

Fallback authentication is used to retrieve forgotten passwords. Security questions are one of the main techniques used to conduct fallback authentication. In this paper, we propose a serious game design that uses system-generated security questions with the aim of improving the usability of fallback authentication. For this purpose, we adopted the...

Security questions are one of the techniques used in fall-back authentication to retrieve forgotten passwords. This paper proposes a game design which aims to improve usability of system-generated security questions. In our game design, we adapted the popular picture-based "4 Pics 1 word" mobile game. This game asks users to pick the word that rela...

A majority of Stroke survivors have an arm impairment (up to 80%), which persists over the long term (>12 months). Physiotherapy experts believe that a rehabilitation Aide-Memoire could help these patients [25]. Hence, we designed, with the input of physiotherapists, Stroke experts and former Stroke patients, the Aide-Memoire Stroke (AIMS) App to h...

One of the main reasons why smartphone users do not adopt screen locking mechanisms is due to the inefficiency of entering a PIN/pattern each time they use their phone. To address this problem we designed a context-sensitive screen locking application which asked participants to enter a PIN/pattern only when necessary, and evaluated its impact on e...

Modern mobile devices come with an array of sensors that support many interesting applications. However, sensors have different sampling costs (e.g., battery drain) and benefits (e.g., accuracy) under different circumstances. In this work we investigate the trade-off between the cost of using a sensor and the benefit gained from its use, with appli...

We propose a lightweight, and temporally and spatially aware user behaviour modelling technique for sensor-based authentication. Operating in the background, our data driven technique compares current behaviour with a user profile. If the behaviour deviates sufficiently from the established norm, actions such as explicit authentication can be trigg...

Current methods of behavioral data collection from mobile devices either require significant involvement from participants to verify the 'ground truth' of the data, or approximations that involve post-experiment comparisons to seed data. In this paper we argue that user involvement can be gracefully reduced by performing more intelligent seed compa...

This work aims to contribute to the field of non-intrusive and transparent authentication on smart phones by defining an implicit authentication model consisting of a set of distinguishable recurring features extracted from a combination of different sources of inbuilt sensors which have not yet been previously combined for this purpose. The resear...

We present a novel method for improving the security of challenge question authentication, which tradition-ally requires a user to answer questions such as "What is your Mother's Maiden Name?". In our method, users create an Avatar representing a fictitious person, and later use the Avatar's information to authenticate themselves. The Avatar Profil...