Psychology in cybersecurity

The psychology of cybersecurity (often intersecting with usable security and cyberpsychology) is an interdisciplinary field studying how human behavior, cognitive biases, and social dynamics influence information security. While traditional cybersecurity focuses on hardware and software vulnerabilities, this discipline addresses the "human factor," which is exploited in cyberattacks. Psychology in cybersecurity draws from cognitive psychology and human–computer interaction. == History and evolution == The challenge of human behavior in computing was noted as early as the 1960s with multi-user mainframes like the Compatible Time-Sharing System (CTSS). In 1966, a software error on CTSS caused the system's master password file to be displayed to every user upon login—one of the earliest documented security incidents attributable to a combination of system design and human factors. These behaviors gained broader significance in the 1990s as the Internet became widely accessible. High-profile incidents involving figures like Kevin Mitnick demonstrated how human trust could be exploited through social engineering such as pretexting over the phone. == Cognitive and behavioral factors == Much of the psychology of cybersecurity focuses on decision-making under stress or uncertainty. Researchers apply frameworks like dual process theory to explain why humans fall for phishing or business email compromise. Threat actors design malicious communications to trigger fast, emotional "System 1" thinking—using urgency, authority, or panic, which prompts users to click a link or wire funds before their analytical "System 2" can assess the situation's legitimacy. Industry research has consistently documented the effectiveness of these techniques at scale, pointing to several recurring psychological phenomena that influence daily security practices: Cognitive biases: The optimism bias leads users to believe they are unlikely to be targeted by cybercriminals, resulting in lax password practices or delayed software updates. The availability heuristic causes individuals to focus on highly publicized, sophisticated threats while ignoring common, statistically probable risks like credential reuse. Social influence: Attackers leverage established principles of persuasion, such as those categorized by Robert Cialdini. Impersonating a CEO leverages the psychological trigger of authority, while fake tech support scams use reciprocity (offering to fix a problem before asking for network credentials). == Neurological and pre-cognitive factors == Functional magnetic resonance imaging (fMRI) studies show that neural activation in visual and attentional regions decreases with repeated exposure to the same stimulus, a phenomenon termed repetition suppression. Experiments have confirmed this effect in the context of security warnings: static warning designs produce declines in user attention and adherence. Information processing research on phishing indicates that affective cues, such as artificial urgency or fear, increase cognitive load and elicit automatic heuristic processing, reducing the likelihood of analytical evaluation and facilitating compliance with malicious requests. == Security fatigue and organizational dynamics == Aggressive cybersecurity postures can sometimes lead to mental and emotional exhaustion, a phenomenon known as security fatigue. === Alert fatigue === One example is alert fatigue, which most frequently affects both end-users and security operations center analysts. Continuous exposure to browser warnings or antivirus pop-ups, particularly those that are false positives, conditions users to dismiss alerts automatically due to the volume of notifications rather than their repetitive appearance (see § Neurological and pre-cognitive factors). The scale of this problem is significant in enterprise: SOC teams in large organizations receive thousands of alerts daily, and a survey published in ACM Computer Surveys found that analysts spend over 25% of their time handling false positives, meaning that malicious indicators can be buried in the noise. === Password fatigue === Similarly, password fatigue is the feeling experienced by many people who are required to remember an excessive number of passwords as part of their daily routine, such as to log in to a computer at work. Users cope with the memory burden by making predictable, iterative changes to their passwords (such as updating "Password01!" to "Password02!"), which decreases password security.

Multi-scale approaches

The scale space representation of a signal obtained by Gaussian smoothing satisfies a number of special properties, scale-space axioms, which make it into a special form of multi-scale representation. There are, however, also other types of "multi-scale approaches" in the areas of computer vision, image processing and signal processing, in particular the notion of wavelets. The purpose of this article is to describe a few of these approaches: == Scale-space theory for one-dimensional signals == For one-dimensional signals, there exists quite a well-developed theory for continuous and discrete kernels that guarantee that new local extrema or zero-crossings cannot be created by a convolution operation. For continuous signals, it holds that all scale-space kernels can be decomposed into the following sets of primitive smoothing kernels: the Gaussian kernel : g ( x , t ) = 1 2 π t exp ⁡ ( − x 2 / 2 t ) {\displaystyle g(x,t)={\frac {1}{\sqrt {2\pi t}}}\exp({-x^{2}/2t})} where t > 0 {\displaystyle t>0} , truncated exponential kernels (filters with one real pole in the s-plane): h ( x ) = exp ⁡ ( − a x ) {\displaystyle h(x)=\exp({-ax})} if x ≥ 0 {\displaystyle x\geq 0} and 0 otherwise where a > 0 {\displaystyle a>0} h ( x ) = exp ⁡ ( b x ) {\displaystyle h(x)=\exp({bx})} if x ≤ 0 {\displaystyle x\leq 0} and 0 otherwise where b > 0 {\displaystyle b>0} , translations, rescalings. For discrete signals, we can, up to trivial translations and rescalings, decompose any discrete scale-space kernel into the following primitive operations: the discrete Gaussian kernel T ( n , t ) = I n ( α t ) {\displaystyle T(n,t)=I_{n}(\alpha t)} where α , t > 0 {\displaystyle \alpha ,t>0} where I n {\displaystyle I_{n}} are the modified Bessel functions of integer order, generalized binomial kernels corresponding to linear smoothing of the form f o u t ( x ) = p f i n ( x ) + q f i n ( x − 1 ) {\displaystyle f_{out}(x)=pf_{in}(x)+qf_{in}(x-1)} where p , q > 0 {\displaystyle p,q>0} f o u t ( x ) = p f i n ( x ) + q f i n ( x + 1 ) {\displaystyle f_{out}(x)=pf_{in}(x)+qf_{in}(x+1)} where p , q > 0 {\displaystyle p,q>0} , first-order recursive filters corresponding to linear smoothing of the form f o u t ( x ) = f i n ( x ) + α f o u t ( x − 1 ) {\displaystyle f_{out}(x)=f_{in}(x)+\alpha f_{out}(x-1)} where α > 0 {\displaystyle \alpha >0} f o u t ( x ) = f i n ( x ) + β f o u t ( x + 1 ) {\displaystyle f_{out}(x)=f_{in}(x)+\beta f_{out}(x+1)} where β > 0 {\displaystyle \beta >0} , the one-sided Poisson kernel p ( n , t ) = e − t t n n ! {\displaystyle p(n,t)=e^{-t}{\frac {t^{n}}{n!}}} for n ≥ 0 {\displaystyle n\geq 0} where t ≥ 0 {\displaystyle t\geq 0} p ( n , t ) = e − t t − n ( − n ) ! {\displaystyle p(n,t)=e^{-t}{\frac {t^{-n}}{(-n)!}}} for n ≤ 0 {\displaystyle n\leq 0} where t ≥ 0 {\displaystyle t\geq 0} . From this classification, it is apparent that we require a continuous semi-group structure, there are only three classes of scale-space kernels with a continuous scale parameter; the Gaussian kernel which forms the scale-space of continuous signals, the discrete Gaussian kernel which forms the scale-space of discrete signals and the time-causal Poisson kernel that forms a temporal scale-space over discrete time. If we on the other hand sacrifice the continuous semi-group structure, there are more options: For discrete signals, the use of generalized binomial kernels provides a formal basis for defining the smoothing operation in a pyramid. For temporal data, the one-sided truncated exponential kernels and the first-order recursive filters provide a way to define time-causal scale-spaces that allow for efficient numerical implementation and respect causality over time without access to the future. The first-order recursive filters also provide a framework for defining recursive approximations to the Gaussian kernel that in a weaker sense preserve some of the scale-space properties.

TalkBack

TalkBack is an accessibility service for the Android operating system that helps blind and visually impaired users to interact with their devices. It uses spoken words, vibration and other audible feedback to allow the user to know what is happening on the screen allowing the user to better interact with their device. The service is pre-installed on many Android devices, and it became part of the Android Accessibility Suite in 2017. According to the Google Play Store, the Android Accessibility Suite has been downloaded over five billion times, including devices that have the suite preinstalled. == Open-source == Google releases the source code of TalkBack with some releases of the accessibility service to GitHub, with the latest of these changes being from May 6, 2021. The source for these versions of Google TalkBack have been released under the Apache License version 2.0. == Release history ==

MSpy

mSpy is a brand of mobile and computer parental control monitoring software for iOS, Android, Windows, and macOS. The app monitors and logs user activity on the client device and sends the data to a personalized dashboard. Data the users can monitor includes text messages, calls, GPS locations, social media chats, and more. It is owned by Virtuoso Holding. == History == mSpy was launched as a product for mobile monitoring by Altercon Group in 2010. In 2012, the application allowed parents to monitor not only smartphones but also computers running Windows and macOS. In 2013, mSpy became TopTenReviews cell phone monitoring software award winner. By 2014, the business grew nearly 400%, and the app's user numbers exceeded 1 million. In 2015, mSpy received the Parents Tested Parents Approved (PTPA) Winner’s Seal of Approval in the United States. In 2015 and 2018, mSpy was the victim of data breaches which released user data. In 2016, mLite, a light version of mSpy, became available from Google Play. The same year, it was awarded the kidSAFE Certified Seal in the United States. In 2017, mSpy collaborated with YouTuber and journalist Coby Persin to conduct a social experiment on the dangers of social media and online predators. A social experiment, conducted with parental consent, involved Coby Persin to befriend three children—aged 12, 13, and 14—via Snapchat and then invite them to meet personally. Each of the participants agreed to the meeting and arrived at the designated location. The video of the experiment received widespread attention and helped to raise awareness about the importance of online security and parental controls. In early 2021, mSpy released a new feature - Screenrecorder. The feature allows parents to take screenshots of the kid's screen when they are browsing certain apps. In 2024, mSpy's Zendesk was compromised by an unknown threat actor, revealing their customer list. As of 2025, mSpy is compatible with Android, iPhone, and iPad devices. It provides access to various types of data stored on the device, including contact information, calendar entries, emails, SMS messages, browser history, photos, videos, and installed applications. Functions also include GPS tracking, geofencing, keyword alerts etc. == Reception == It was noted that since MSpy runs inconspicuously, there is risk of the software being used illegally. mSpy was called "terrifying" by The Next Web and was featured in NPR coverage of spyware used against victims of stalking and other domestic violence. In response mSpy released security updates aimed at reducing the risk of misuse and stated that it "uses encryption protocols to protect user data and that access is restricted to the account holder". In May 2015, Brian Krebs reported that mSpy was hacked, leaking personal data for hundreds of thousands of users of devices with mSpy installed. mSpy claimed that there was no data leak, but that instead, it was the victim of blackmailers. In September 2018, Krebs claimed and demonstrated that anyone could easily gain access to the mSpy database containing data for millions of users. The company responded by stating that the exposed data consisted primarily of error logs and incorrect login attempts. Following the incident, mSpy implemented new security measures, changed encryption keys, and reset passwords for affected accounts. A 2024 Sky News story characterised mSpy as "stalkerware". Leaked customer support messages from mSpy reveal misuse of its app for illegally monitoring partners and children.

Sprite multiplexing

Sprite multiplexing is a computer graphics technique where additional sprites (moving images) can be drawn on the screen, beyond the nominal maximum. It is largely historical, applicable principally to older hardware, where limited resources (such as CPU speed and memory) meant only a relatively small number of sprites were supported. On the other hand, it is also true that without multiplexing, the sprite circuitry would be idle much of the time, and limited resources were wasted. == Description == The sprite multiplexing technique is based on the idea that while the hardware may only support a finite number of sprites, it is sometimes possible to re-use the same sprite "slots" more than once per frame or scan line. The program will first use the hardware to draw one or more sprite(s), as normal. Before the next frame (or next scanline) needs to be drawn, the software reprograms the hardware to display additional sprites, in other positions. For example, the Nintendo Entertainment System explicitly supports hardware sprite multiplexing, where it has 64 hardware sprites, but is only capable of rendering 8 of them per scanline. On the older Atari 2600, sprite multiplexing was not intentionally designed in, but programmers discovered they could reset the TIA graphics chip to draw additional sprites on the same scanline. The sprite multiplexing technique relies on the program being able to identify what part of the video screen is being drawn at the moment, or being triggered by the video hardware to run a subroutine at the crucial moment. The programmer must carefully consider the layout of the screen. If the video graphics hardware is not reprogrammed in time for the extra sprites to be displayed, they will not appear, or will be drawn incorrectly. Modern video graphics hardware typically does not use hardware sprites, since modern computer systems do not have the kind of limitations that sprite hardware is designed to circumvent. == Implementations == Systems that allow the programmer to employ the sprite multiplexing technique include: Atari 2600 Atari 8-bit computers Amiga Commodore 64 MSX Nintendo Entertainment System Super Nintendo Entertainment System Master System Sega Genesis/Mega Drive

Production (computer science)

In computer science, a production or production rule is a rewrite rule that replaces some symbols with other symbols. A finite set of productions P {\displaystyle P} is the main component in the specification of a formal grammar (specifically a generative grammar). In such grammars, a set of productions is a special case of relation on the set of strings V ∗ {\displaystyle V^{}} (where ∗ {\displaystyle {}^{}} is the Kleene star operator) over a finite set of symbols V {\displaystyle V} called a vocabulary that defines which non-empty strings can be substituted with others. The set of productions is thus a special kind subset P ⊂ V ∗ × V ∗ {\displaystyle P\subset V^{}\times V^{}} and productions are then written in the form u → v {\displaystyle u\to v} to mean that ( u , v ) ∈ P {\displaystyle (u,v)\in P} (not to be confused with → {\displaystyle \to } being used as function notation, since there may be multiple rules for the same u {\displaystyle u} ). Given two subsets A , B ⊂ V ∗ {\displaystyle A,B\subset V^{}} , productions can be restricted to satisfy P ⊂ A × B {\displaystyle P\subset A\times B} , in which case productions are said "to be of the form A → B {\displaystyle A\to B} . Different choices and constructions of A , B {\displaystyle A,B} lead to different types of grammars. In general, any production of the form u → ϵ , {\displaystyle u\to \epsilon ,} where ϵ {\displaystyle \epsilon } is the empty string (sometimes also denoted λ {\displaystyle \lambda } ), is called an erasing rule, while productions that would produce strings out of nowhere, namely of the form ϵ → v , {\displaystyle \epsilon \to v,} are never allowed. In order to allow the production rules to create meaningful sentences, the vocabulary is partitioned into (disjoint) sets Σ {\displaystyle \Sigma } and N {\displaystyle N} providing two different roles: Σ {\displaystyle \Sigma } denotes the terminal symbols known as an alphabet containing the symbols allowed in a sentence; N {\displaystyle N} denotes nonterminal symbols, containing a distinguished start symbol S ∈ N {\displaystyle S\in N} , that are needed together with the production rules to define how to build the sentences. In the most general case of an unrestricted grammar, a production u → v {\displaystyle u\to v} , is allowed to map arbitrary strings u {\displaystyle u} and v {\displaystyle v} in V {\displaystyle V} (terminals and nonterminals), as long as u {\displaystyle u} is not empty. So unrestricted grammars have productions of the form V ∗ ∖ { ϵ } → V ∗ {\displaystyle V^{}\setminus \{\epsilon \}\to V^{}} or if we want to disallow changing finished sentences V ∗ N V ∗ = ( V ∗ ∖ Σ ∗ ) → V ∗ {\displaystyle V^{}NV^{}=(V^{}\setminus \Sigma ^{})\to V^{}} , where V ∗ N V ∗ {\displaystyle V^{}NV^{}} indicates concatenation and forces a non-terminal symbol to always be present on the left-hand side of the productions, and ∖ {\displaystyle \setminus } denotes set minus or set difference. If we do not allow the start symbol to occur in v {\displaystyle v} (the word on the right side), we have to replace V ∗ {\displaystyle V^{}} with ( V ∖ { S } ) ∗ {\displaystyle (V\setminus \{S\})^{}} on the right-hand side. The other types of formal grammar in the Chomsky hierarchy impose additional restrictions on what constitutes a production. Notably in a context-free grammar, the left-hand side of a production must be a single nonterminal symbol. So productions are of the form: N → V ∗ {\displaystyle N\to V^{}} == Grammar generation == To generate a string in the language, one begins with a string consisting of only a single start symbol, and then successively applies the rules (any number of times, in any order) to rewrite this string. This stops when a string containing only terminals is obtained. The language consists of all the strings that can be generated in this manner. Any particular sequence of legal choices taken during this rewriting process yields one particular string in the language. If there are multiple different ways of generating this single string, then the grammar is said to be ambiguous. For example, assume the alphabet consists of a {\displaystyle a} and b {\displaystyle b} , with the start symbol S {\displaystyle S} , and we have the following rules: 1. S → a S b {\displaystyle S\rightarrow aSb} 2. S → b a {\displaystyle S\rightarrow ba} then we start with S {\displaystyle S} , and can choose a rule to apply to it. If we choose rule 1, we replace S {\displaystyle S} with a S b {\displaystyle aSb} and obtain the string a S b {\displaystyle aSb} . If we choose rule 1 again, we replace S {\displaystyle S} with a S b {\displaystyle aSb} and obtain the string a a S b b {\displaystyle aaSbb} . This process is repeated until we only have symbols from the alphabet (i.e., a {\displaystyle a} and b {\displaystyle b} ). If we now choose rule 2, we replace S {\displaystyle S} with b a {\displaystyle ba} and obtain the string a a b a b b {\displaystyle aababb} , and are done. We can write this series of choices more briefly, using symbols: S ⇒ a S b ⇒ a a S b b ⇒ a a b a b b {\displaystyle S\Rightarrow aSb\Rightarrow aaSbb\Rightarrow aababb} . The language of the grammar is the set of all the strings that can be generated using this process: { b a , a b a b , a a b a b b , a a a b a b b b , … } {\displaystyle \{ba,abab,aababb,aaababbb,\dotsc \}} .

2018 Google data breach

The 2018 Google data breach was a major data privacy scandal in which the Google+ API exposed the private data of over five hundred thousand users. Google+ managers first noticed harvesting of personal data in March 2018, during a review following the Facebook–Cambridge Analytica data scandal. The bug, despite having been fixed immediately, exposed the private data of approximately 500,000 Google+ users to the public. Google did not reveal the leak to the network's users. In November 2018, another data breach occurred following an update to the Google+ API. Although Google found no evidence of failure, approximately 52.5 million personal profiles were potentially exposed. In August 2019, Google declared a shutdown of Google+ due to low use and technological challenges. == Overview of Google+ == Google+ was launched in June 2011 as an invite-only social network, but was opened for public access later in the year. It was managed by Vic Gundotra. Similar to Facebook, Google+ also included key features Circles, Hangouts and Sparks. Circles let users personalize their social groups by sorting friends into different categories. Once allowed into a Circle, users could regulate information in their individual spaces. Hangouts included video chatting and instant messaging between users. Sparks allowed Google to track users' past searches to find news and content related to their interests. Google+ was linked to other Google services, such as YouTube, Google Drive and Gmail, giving it access to roughly 2 billion user accounts. However, less than 400 million consumers actively used Google+, with 90% of those users using it for less than five seconds. == The breaches == In March 2018, Google developers found a data breach within the Google+ People API in which external apps acquired access to Profile fields that were not marked as public. According to The Wall Street Journal, Google didn’t disclose the breach when it was first discovered in March to avoid regulatory scrutiny and reputational damage. 500,000 Google+ accounts were included in the breach, which allowed 438 external apps unauthorized access to private users' names, emails, addresses, occupations, genders and ages. This information was available between 2015 and 2018. Google found no evidence of any user's personal information being misused, nor that any third-party app developers were aware of the leak. In November 2018, a software update created another data breach within the Google+ API. The bug impacted 52.5 million users, where, similarly to the March breach, unauthorized apps were able to access Google+ profiles, including users' names, email addresses, occupations and ages. Apps could not access financial information, national identification, numbers, or passwords. Blog posts, messages and phone numbers also remained inaccessible if marked as private. Unlike the previous breach, access was only available for six days before Google+ learned of the breach. Once more, Google+ found no evidence of data being misused by third-party developers. == Responses == In October 2018, the Wall Street Journal published an article outlining the initial breach and Google's decision to not disclose it to users. At the time, there was no federal law that required Google to inform their consumers of data breaches. Google+ originally did not disclose the breach out of fears of being compared to Facebook's recent data leak and subsequent loss of consumer confidence. In response to the Wall Street Journal article, Google announced the shutdown of Google+ in August 2019. After the second data leak, the date was moved to April 2019. In response to the data breach, enterprise consumers were notified of the bug's impact and given instructions on how to save, download and delete their data prior to the Google+ shut down. Google's Privacy and Data Protection Office found no misuse of user data. Prior to the Google+ shutdown, Google set a 10-month period in which users could download and migrate their data. After the 10-month period, user content was deleted. On 4 February 2019, consumers were no longer able to create new Google+ profiles. Google shut down Google+ APIs on 7 March 2019 to ensure that developers did not continue to rely on the APIs prior to the Google+ shutdown. Google is the principal entity of its parent company, Alphabet Inc. After the data breach, Alphabet Inc. share prices fell by 1% to $1,157.06 on 9 October 2018 after an earlier drop of $1,135.40 that morning, the lowest price since 5 July 2018. After the publication of The Wall Street Journal article, share prices dropped as low as 2.1% in two days on 10 October 2018. Share prices steadily increased from this point and met the 8 October 2018 share price on 5 February 2019. Google planned to rebuild Google+ as a corporate enterprise network. Google Play will now assess which apps can ask for permission to access the user's SMS data. Only the default app for telephone distribution is able to make requests. Prior to the data breaches, apps were able to request access to all of a consumer's data simultaneously. Now, each app must request permission for each aspect of a consumer's profile.