Publications

Featured research published by Sacha Brostoff.


international conference on human-computer interaction | 2000

Are Passfaces More Usable Than Passwords? A Field Trial Investigation

Sacha Brostoff; M. Angela Sasse

The proliferation of technology requiring user authentication has increased the number of passwords which users have to remember, creating a significant usability problem. This paper reports a usability comparison between a new mechanism for user authentication — Passfaces — and passwords, with 34 student participants in a 3-month field trial. Fewer login errors were made with Passfaces, even when periods between logins were long. On the computer facilities regularly chosen by participants to log in, Passfaces took a long time to execute. Participants consequently started their work later when using Passfaces than when using passwords, and logged into the system less often. The results emphasise the importance of evaluating the usability of security mechanisms in field trials.


new security paradigms workshop | 2001

Safe and sound: a safety-critical approach to security

Sacha Brostoff; M. Angela Sasse

This paper firstly argues that the design of security applications needs to consider more than technical elements. Since almost all security systems involve human users as well as technology, security should be considered, and designed as, a socio-technical work system. Secondly, we argue that safety-critical systems design has similar goals and issues to security design, and should thus provide a good starting point. Thirdly, we identify Reason's (1990) Generic Error Modeling System/Basic Elements of Production as the most suitable starting point for a socio-technical approach, and demonstrate how its basic elements can be applied to the domain of information security. We demonstrate how the application of the model's concepts, especially the distinction between active and latent failures, offers an effective way of identifying and addressing security issues that involve human behavior. Finally, we identify strengths and weaknesses of this approach, and the requirement for further work to produce a security-specific socio-technical design framework.


symposium on usable privacy and security | 2011

Shoulder surfing defence for recall-based graphical passwords

Nur Haryani Zakaria; David Griffiths; Sacha Brostoff; Jeff Yan

Graphical passwords are often considered prone to shoulder-surfing attacks, where attackers can steal a user's password by peeking over his or her shoulder during the authentication process. In this paper, we explore shoulder surfing defence for recall-based graphical password systems such as Draw-A-Secret and Background Draw-A-Secret, where users doodle their passwords (i.e. secrets) on a drawing grid. We propose three innovative shoulder surfing defence techniques, and conduct two separate controlled laboratory experiments to evaluate both the security and usability perspectives of the proposed techniques. One technique was expected to work to some extent theoretically, but it turned out to provide little protection. One technique provided the best overall shoulder surfing defence, but also caused some usability challenges. The other technique achieved reasonable shoulder surfing defence and good usability simultaneously, a good balance which the two other techniques did not achieve. Our results appear to be also relevant to other graphical password systems such as Pass-Go.


human factors in computing systems | 2012

Too close for comfort: a study of the effectiveness and acceptability of rich-media personalized advertising

Miguel Malheiros; Charlene Jennett; Snehalee Patel; Sacha Brostoff; Martina Angela Sasse

Online display advertising is predicted to make $29.53 billion this year. Advertisers believe targeted and personalized ads to be more effective, but many users are concerned about their privacy. We conducted a study where 30 participants completed a simulated holiday booking task, with each page showing ads with different degrees of personalization. Participants fixated twice as long when ads contained their photo. Participants reported being more likely to notice ads with their photo, holiday destination, and name, but also increasing levels of discomfort with increasing personalization. We conclude that greater personalization in ad content may achieve higher levels of attention, but that the most personalized ads are also the least acceptable. The noticeability benefit of using someone's photo to make them look at an ad may be offset by the privacy cost. As more personal data becomes available to advertisers, it becomes important that these trade-offs are considered.


In: Böhme, R, (ed.) The Economics of Information Security and Privacy. (pp. 237-261). Springer (2013) | 2013

Would You Sell Your Mother’s Data? Personal Data Disclosure in a Simulated Credit Card Application

Miguel Malheiros; Sacha Brostoff; Charlene Jennett; M. Angela Sasse

To assess the risk of a loan applicant defaulting, lenders feed applicants’ data into credit scoring algorithms. They are always looking to improve the effectiveness of their predictions, which means improving the algorithms and/or collecting different data. Research on financial behavior found that elements of a person’s family history and social ties can be good predictors of financial responsibility and control. Our study investigated how loan applicants applying for a credit card would respond to questions such as “Did any of your loved ones die while you were growing up?” 48 participants were asked to complete a new type of credit card application form containing such requests as part of a “Consumer Acceptance Test” of a credit card with lower interest rates, but only available to “financially responsible customers.” This was a double-blind study—the experimenters processing participants were told exactly the same. We found that: (1) more sensitive items are disclosed less often—e.g., friends’ names and contact details had only a 69 % answer rate; (2) privacy fundamentalists are 5.6 times less likely to disclose data; and (3) providing a justification for a question has no effect on its answer rate. Discrepancies between acceptability and disclosure were observed—e.g., 43 % provided names and contact details of friends, having said they found the question unacceptable. We conclude that collecting data items not traditionally seen as relevant could be made acceptable if lenders can credibly establish relevance, and assure applicants they will be assessed fairly. More research needs to be done on how to best communicate these qualities.


digital identity management | 2013

Federated identity to access e-government services: are citizens ready for this?

Sacha Brostoff; Charlene Jennett; Miguel Malheiros; M. Angela Sasse

Both the US & UK governments have decided that citizens will have to authenticate to government using Federated Identity (FedID) solutions: governments do not want to be Identity Providers (IdPs), but leverage accounts that citizens have with other service providers instead. We investigated how citizens react to their first encounter with FedID authentication in this context. We performed 2 studies using low fidelity prototypes with: in study 1, 44 citizen participants, & in study 2, 22 small business owners, employees & agents. We recorded their reactions during their user journey authenticating with 3rd party providers they already had accounts with. In study 1, 50% of participants said they would not continue to use the system on reaching the hub page, & 45% believed they were being asked to make a payment. 25% of those continuing said they would stop when they reached the consent page, where they were asked by their IdP to authorise the release of their identifying information to the government service. 34% of the participants felt threatened rather than reassured by the privacy protection statement. With study 2's improved prototype, only 14% of participants said they would not continue on reaching the hub page, & 6% abandoned at the consent page. Our results show that usability & acceptance of FedID can be greatly improved by the application of standard HCI techniques, but trust in the ID Provider is essential. We finally report results from a survey of which ID providers UK citizens would trust, & found significant differences between age groups.


In: European Data Protection: In Good Health? (pp. 35-51). (2012) | 2012

Privacy for Loan Applicants Versus Predictive Power for Loan Providers: Is It Possible to Bridge the Gap?

Charlene Jennett; Miguel Malheiros; Sacha Brostoff; M. Angela Sasse

Loan providers manage risk by assessing applicants’ ability and willingness to repay. The loan application is the most visible aspect of credit scoring. To prevent gaming of the process, loan providers do not reveal why they ask for certain information. This lack of transparency leads applicants to perceive some questions as invasive. We investigated this phenomenon in three studies. The first survey revealed that applicants were least comfortable with providing their work phone number, value of other assets, and total number of investments. Ten interviews with loan applicants indicated that loan application forms do not allow them to adequately describe their financial situation. In the second survey 12% of participants reported they had not applied for credit because of the information requested. Results suggest that loan providers should explain why information is requested and how it will be used. Applicants’ satisfaction with credit scoring can be improved by: (1) letting applicants specify how/when they want to be contacted; (2) obtaining informed consent for data sharing with third parties; and (3) making some data items optional.


Software - Practice and Experience | 2005

‘R-What?’ Development of a role-based access control policy-writing tool for e-Scientists

Sacha Brostoff; M. Angela Sasse; David W. Chadwick; James Cunningham; Uche M. Mbanaso; Sassa Otenko


BCS '10 Proceedings of the 24th BCS Interaction Specialist Group Conference | 2010

Evaluating the usability and security of a graphical one-time PIN system

Sacha Brostoff; Philip Inglesant; M. Angela Sasse


International Journal of Consumer Studies | 2012

Adding insult to injury: consumer experiences of being denied credit

Charlene Jennett; Sacha Brostoff; Miguel Malheiros; M. Angela Sasse

Collaboration

Top Co-Authors

M. Angela Sasse, University College London