Supporting Users in Password Authentication with Persuasive Design

Author: Tobias Seitz

Publisher: Tobias Seitz

Published: 2018-08-03

Total Pages: 318

ISBN-13:


Activities like text-editing, watching movies, or managing personal finances are all accomplished with web-based solutions nowadays. The providers need to ensure security and privacy of user data. To that end, passwords are still the most common authentication method on the web. They are inexpensive and easy to implement. Users are largely accustomed to this kind of authentication but passwords represent a considerable nuisance, because they are tedious to create, remember, and maintain. In many cases, usability issues turn into security problems, because users try to work around the challenges and create easily predictable credentials. Often, they reuse their passwords for many purposes, which aggravates the risk of identity theft. There have been numerous attempts to remove the root of the problem and replace passwords, e.g., through biometrics. However, no other authentication strategy can fully replace them, so passwords will probably stay a go-to authentication method for the foreseeable future. Researchers and practitioners have thus aimed to improve users' situation in various ways. There are two main lines of research on helping users create both usable and secure passwords. On the one hand, password policies have a notable impact on password practices, because they enforce certain characteristics. However, enforcement reduces users' autonomy and often causes frustration if the requirements are poorly communicated or overly complex. On the other hand, user-centered designs have been proposed: Assistance and persuasion are typically more user-friendly but their influence is often limited. In this thesis, we explore potential reasons for the inefficacy of certain persuasion strategies. From the gained knowledge, we derive novel persuasive design elements to support users in password authentication. The exploration of contextual factors in password practices is based on four projects that reveal both psychological aspects and real-world constraints. 
Here, we investigate how mental models of password strength and password managers can provide important pointers towards the design of persuasive interventions. Moreover, the associations between personality traits and password practices are evaluated in three user studies. A meticulous audit of real-world password policies shows the constraints for selection and reuse practices. Based on the review of context factors, we then extend the design space of persuasive password support with three projects. We first depict the explicit and implicit user needs in password support. Second, we craft and evaluate a choice architecture that illustrates how a phenomenon from marketing psychology can provide new insights into the design of nudging strategies. Third, we tried to empower users to create memorable passwords with emojis. The results show the challenges and potentials of emoji-passwords on different platforms. Finally, the thesis presents a framework for the persuasive design of password support. It aims to structure the required activities during the entire process. This enables researchers and practitioners to craft novel systems that go beyond traditional paradigms, which is illustrated by a design exercise.


Usable Security

Author: Yulong Yang

Publisher:

Published: 2016

Total Pages: 97

ISBN-13:


Text passwords are still the primary authentication mechanism for computers and online systems world-wide. Prior work indicates that they will likely persist in the foreseeable future, despite alternative proposals. Therefore, it is crucial to examine the open issues in text passwords. In addition, instead of replacing text passwords entirely, alternatives could be proposed for use in specific contexts. Under such premises, this thesis focused on (1) demonstrating the field performance of a serious alternative method for mobile authentication and (2) proposing a systematic experiment design to study password memorability. Originally designed to be used on desktop computers, text passwords are not well suited to modern platforms such as mobile devices. Using text passwords on mobile devices is a drastically different experience, because of the different form factor and context. From a between-group lab study comparing password usage on different devices, we learned that the form factor alone already has an effect on aspects of passwords such as the number of lowercase letters used per password. Meanwhile, recent studies suggest that free-form gesture passwords are a viable alternative as an authentication method on touchscreen devices. However, little is known about the actual advantages they carry when deployed for everyday mobile use. We performed the first field study (N=91) of mobile authentication using free-form gestures, with text passwords as the baseline. Motivated by the Experience Sampling Method (ESM), our study design aimed at increasing ecological validity while still maintaining control of the experiment. We found that, with gesture passwords, participants generated new passwords and authenticated faster with comparable memorability, while being more willing to retry. Our analysis of the gesture password dataset indicated that the choice of gestures varied across categories.
Our findings demonstrate that gesture passwords are a serious alternative for the mobile context. A major struggle people have with text passwords is creating ones that are both secure and memorable. Although there has been research on measuring password security, we have yet to systematically discover the factors that affect password memorability. By combining existing memory findings and password-specific contexts, we proposed a field experiment design centering on two major factors that affect password memorability: log-in frequency and password condition. Log-in frequency defines how often log-in tasks occur, and password condition defines the condition under which each password was created. The result of the experiment revealed that potential effects of our factors exist and pointed out directions for future studies.


Exploiting Human Factors in User Authentication

Author: Payas Gupta

Publisher:

Published: 2013

Total Pages: 155

ISBN-13:


Our overarching issue in security is the human factor, and dealing with it is perhaps one of the biggest challenges we face today. The human factor is often described as the weakest part of a security system, and users are often described as the weakest link in the security chain. In this thesis, we focus on two problems which are caused by human factors in user authentication and propose respective solutions: a) Secrecy information inference attack, where publicly available information can be used to infer some secret information about the user. b) Coercion attack, where an attacker forces a user to hand over his or her secret information such as account details and password.


Human Factors in Textual Password-based Authentication

Author: S. M. Taiabul Haque

Publisher:

Published: 2015

Total Pages: 146

ISBN-13:


Despite being the most commonly used method of authentication on the Web, textual password-based authentication is by no means a panacea as far as usability is concerned. In this dissertation work, we address some usability issues of textual password-based authentication and propose solutions to them. In our first work, we propose a hierarchy of password importance and use an experiment to examine the degree of similarity between passwords for lower-level (e.g. news portal) and higher-level (e.g. banking) websites in this hierarchy. Leveraging the lower-level passwords constructed by subjects along with a password-cracking dictionary, we successfully cracked almost one-third of the subjects' higher-level passwords. This confirms that leaked lower-level passwords can be used by attackers to crack higher-level passwords. In our second work, we examine the issue of textual password entry on mobile devices, which is fraught with usability problems due to the size and input constraints of mobile devices. We examine the association between password strength and the keyboard/keypad layouts through which passwords are constructed, including the computer keyboard and different types of mobile keypad layouts. We design a custom mobile keypad layout and demonstrate its effectiveness through extensive user studies. Our third work focuses on measuring user comfort when constructing a strong password on mobile devices. Since comfort is a basic construct for understanding usability, measuring user comfort in a security context is an issue of paramount importance. We address this issue by applying standard techniques of psychometrics to develop a user comfort scale. We establish the essential psychometric properties (reliability and validity) of this scale and demonstrate how the scale can be used to profile the password construction interfaces of popular smartphone handsets.
We also theoretically conceptualize user comfort across different dimensions and use confirmatory factor analysis to verify our theory. All these works reveal the weaknesses of user-chosen textual passwords. Thus, in our final work, we focus on system-assigned random textual passwords consisting of lowercase letters only. Such passwords guard against a wide range of usability issues, but introduce memorability problems, which hinder their wide-scale deployment in the real world. We propose two methods that leverage different types of human memory to aid users in memorizing system-assigned random passwords. The first method (known as the method of loci) exploits spatial and visual memory to help memorize a list of ordered items. The second method (known as the link method), on the other hand, facilitates the memorization process by creating a chain of memory cues. We implemented both methods in the context of memorizing system-assigned random passwords and conducted a memorability study to test their effectiveness. We found that participants using the method of loci had a login success rate of 86%, which is the highest for any recall-based study with system-assigned random passwords. By extending the method of loci, we further conducted a separate study to test its effectiveness in helping users memorize long random passwords that offer almost crypto-level security. The results of this study demonstrate that the method of loci can be leveraged to help users memorize cryptographically strong passwords.


Human Computer Interaction Handbook

Author: Julie A. Jacko

Publisher: CRC Press

Published: 2012-05-04

Total Pages: 1469

ISBN-13: 1439829446


Winner of a 2013 CHOICE Outstanding Academic Title Award. The third edition of a groundbreaking reference, The Human-Computer Interaction Handbook: Fundamentals, Evolving Technologies, and Emerging Applications raises the bar for handbooks in this field. It is the largest, most complete compilation of HCI theories, principles, advances, case st


Computers at Risk

Author: National Research Council

Publisher: National Academies Press

Published: 1990-02-01

Total Pages: 320

ISBN-13: 0309043883


Computers at Risk presents a comprehensive agenda for developing nationwide policies and practices for computer security. Specific recommendations are provided for industry and for government agencies engaged in computer security activities. The volume also outlines problems and opportunities in computer security research, recommends ways to improve the research infrastructure, and suggests topics for investigators. The book explores the diversity of the field, the need to engineer countermeasures based on speculation of what experts think computer attackers may do next, why the technology community has failed to respond to the need for enhanced security systems, how innovators could be encouraged to bring more options to the marketplace, and balancing the importance of security against the right of privacy.


A Human Error Approach to Aviation Accident Analysis

Author: Douglas A. Wiegmann

Publisher: Routledge

Published: 2017-12-22

Total Pages: 174

ISBN-13: 1351962353


Human error is implicated in nearly all aviation accidents, yet most investigation and prevention programs are not designed around any theoretical framework of human error. Appropriate for all levels of expertise, the book provides the knowledge and tools required to conduct a human error analysis of accidents, regardless of operational setting (i.e. military, commercial, or general aviation). The book contains a complete description of the Human Factors Analysis and Classification System (HFACS), which incorporates James Reason's model of latent and active failures as a foundation. Widely disseminated among military and civilian organizations, HFACS encompasses all aspects of human error, including the conditions of operators and elements of supervisory and organizational failure. It attracts a very broad readership. Specifically, the book serves as the main textbook for a course in aviation accident investigation taught by one of the authors at the University of Illinois. This book will also be used in courses designed for military safety officers and flight surgeons in the U.S. Navy, Army and the Canadian Defence Force, who currently utilize the HFACS system during aviation accident investigations. Additionally, the book has been incorporated into the popular workshop on accident analysis and prevention provided by the authors at several professional conferences worldwide. The book is also targeted at students attending Embry-Riddle Aeronautical University, which has satellite campuses throughout the world and offers a course in human factors accident investigation for many of its majors. In addition, the book will be incorporated into courses offered by Transportation Safety International and the Southern California Safety Institute. Finally, this book serves as an excellent reference guide for many safety professionals and investigators already in the field.