M. Angela Sasse

Stuff goes into the computer and doesn't come out: a cross-tool study of personal information management

This paper reports a study of Personal Information Management (PIM), which advances research in two ways: (1) rather than focusing on one tool, we collected cross-tool data relating to file, email and web bookmark usage for each participant, and (2) we collected longitudinal data for a subset of the participants. We found that individuals employ a rich variety of strategies both within and across PIM tools, and we present new strategy classifications that reflect this behaviour. We discuss synergies and differences between tools that may be useful in guiding the design of tool integration. Our longitudinal data provides insight into how PIM behaviour evolves over time, and suggests how the supporting nature of PIM discourages reflection by users on their strategies. We discuss how the promotion of some reflection by tools and organizations may benefit users.

Are Passfaces More Usable Than Passwords? A Field Trial Investigation

The proliferation of technology requiring user authentication has increased the number of passwords which users have to remember, creating a significant usability problem. This paper reports a usability comparison between a new mechanism for user authentication — Passfaces — and passwords, with 34 student participants in a 3-month field trial. Fewer login errors were made with Passfaces, even when periods between logins were long. On the computer facilities regularly chosen by participants to log in, Passfaces took a long time to execute. Participants consequently started their work later when using Passfaces than when using passwords, and logged into the system less often. The results emphasise the importance of evaluating the usability of security mechanisms in field trials.

Measuring perceived quality of speech and video in multimedia conferencing applications

There is currently much discussion of Quality of Service (QoS) measurements at the network level of real-time multimedia services, but it is the subjective qualify perceived by the user that will determine whether these applications are adopted This paper argues that ITU-recommended methods for subjective quality assessment of speech and video are not suitable for assessing the quality of many newer services and applications. We present an outline of what we believe to be a more suitable testing methodology, which acknowledges the multi-dimensional nature of perceived audio and video quality.

The researcher's dilemma: evaluating trust in computer-mediated communication

The aim of this paper is to establish a methodological foundation for human-computer interaction (HCI) researchers aiming to assess trust between people interacting via computer-mediated communication (CMC) technology. The most popular experimental paradigm currently employed by HCI researchers are social dilemma games based on the Prisoners Dilemma (PD), a technique originating from economics. HCI researchers employing this experimental paradigm currently interpret the rate of cooperation--measured in the form of collective pay-off--as the level of trust the technology allows its users to develop. We argue that this interpretation is problematic, since the games synchronous nature models only very specific trust situations. Furthermore, experiments that are based on PD games cannot model the complexity of how trust is formed in the real world, since they neglect factors such as ability and benevolence. In conclusion, we recommend (a) means of improving social dilemma experiments by using asynchronous Trust Games, (b) collecting a broader range of data (in particular qualitative) and (c) increased use of longitudinal studies.

Can small be beautiful?: assessing image resolution requirements for mobile TV

Mobile TV services are now being offered in several countries, but for cost reasons, most of these services offer material directly recoded for mobile consumption (i.e. without additional editing). The experiment reported in this paper, aims to assess the image resolution and bitrate requirements for displaying this type of material on mobile devices. The study, with 128 participants, examined responses to four different image resolutions, seven video encoding bitrates, two audio bitrates and four content types. The results show that acceptability is significantly lower for images smaller than 168x126, regardless of content type. The effect is more pronounced when bandwidth is abundant, and is due to important detail being lost in the smaller screens. In contrast to previous studies, participants are more likely to rate image quality as unacceptable when the audio quality is high.

Bringing security home: a process for developing secure and usable systems

The aim of this paper is to provide better support for the development of secure systems. We argue that current development practice suffers from two key problems:1. Security requirements tend to be kept separate from other system requirements, and not integrated into any overall strategy.2. The impact of security measures on users and the operational cost of these measures on a day-to-day basis are usually not considered.Our new paradigm is the full integration of security and usability concerns into the software development process, thus enabling developers to build secure systems that work in the real world. We present AEGIS, a secure software engineering method which integrates asset identification, risk and threat analysis and context of use, bound together through the use of UML, and report its application to case studies on Grid projects. An additional benefit of the method is that the involvement of stakeholders in the high-level security analysis improves their understanding of security, and increases their motivation to comply with policies.

Safe and sound: a safety-critical approach to security

This paper firstly argues that the design of security applications needs to consider more than technical elements. Since almost all security systems involve human users as well as technology, security should be considered, and designed as, a socio-technical work system. Secondly, we argue that safety-critical systems design has similar goals and issues to security design, and should thus provide a good starting point. Thirdly, we identify Reasons (1990) Generic Error Modeling System/Basic Elements of Production as the most suitable starting point for a socio-technical approach, and demonstrate how its basic elements can be applied to the domain of information security. We demonstrate how the application of the models concepts, especially the distinction between active and latent failures, offers an effective way of identifying and addressing security issues that involve human behavior. Finally, we identify strengths and weaknesses of this approach, and the requirement for further work to produce a security-specific socio-technical design framework.

Do Users Always Know What’s Good For Them? Utilising Physiological Responses to Assess Media Quality

Subjective methods are widely used to determine whether audio and video quality in networked multimedia applications is sufficient. Recent findings suggest that, due to contextual factors, users often accept levels of media quality known to be below the threshold required for such tasks. Therefore, we propose the use of physiological methods to assess the user cost of different levels of media quality. Physiological responses (HR, GSR and BVP) to two levels of video quality (5 vs. 25 frames per second — fps) were measured in a study with 24 users. Results showed that there was a statistically significant effect of frame rate, in the direction that 5fps caused responses to indicate stress. However, only 16% of the users noticed the difference subjectively. We propose a 3-tier assessment method that combines task performance, user satisfaction and user cost to obtain a meaningful indication of the media quality required by users.

Could I have the Menu Please? An Eye Tracking Study of Design Conventions

Existing Web design guidelines give conflicting advice on the best position for the navigation menu. One set of guidelines is based on user expectation of layout, the other on results from user testing with alternative layouts. To resolve this conflict we test whether placing the menu in an unexpected position has a negative impact on search performance. The results show that users rapidly adapt to an unexpected screen layout. We conclude that designers should not be inhibited in applying design recommendations that violate layout conventions as long as consistency is maintained within a site.

Face it - photos don't make a web site trustworthy

Use of staff photographs is frequently advocated as a means of increasing customer confidence in an e-shop. However, these claims are not conceptually or empirically grounded. In this paper we describe a qualitative study, which elicited customer reactions towards an e-commerce site that displayed staff photographs and links to richer media. The results suggest that employing social and affective cues, particularly in the form of photos, can be a risky strategy. To be effective they should be combined with functionality and targeted specifically at the user types we identified.