Usability of User Authentication

1
Usability of User Authentication

• Robert Biddle and Sonia Chiasson

2
Human-Computer Interaction (HCI) and Identify
Theft

• HCI focuses on End-Usersand their Interaction
  with Computers
• Key ID Theft interaction Authentication
• ID Theft involves Fraudulent Authentication
• Our Research Authentication Usability

3
Security and Usability

• Problems
• Security is not a primary task
• Nature of attack, defence misunderstood
• Helpful feedback may also help attacks
• The weakest link may be a barn door
• Solutions?
• Transparency?
• Education?
• New approach?

4
Password Managers

• Shift the burden of creating and remembering
  strong passwords away from users
• easier for users
• better protection
• Our studies show
• Frustrating and misleading to use
• Lead to often false sense of security
• Likely make security worse

5
Graphical Passwords

• Alternative to text passwords
• Human memory for images better than text (i.e.
  more usable)
• Our studies show
• Relatively usable
• But hotspots a severe problem

6
Captology

• New Psychological Theoryfrom Stanford
  UniversityStudy of Computers as Persuasive
  Technology
• May help understandattacks
• May help preparedefences

7
The Cycle of Authentication

• Institution presents to Individual
• Individual authenticates to Institution
• Institution Individual Transact
• Security Requires Mutual Authentication

8
Where Do We Go From Here?

• How does usability relate to security?
• Bad usability bad security?
• Good usability bad security?
• Contact Us
• http//hot.carleton.ca
• robert_biddle_at_carleton.ca

9
Usability of User Authentication

• Sonia Chiasson and Robert Biddle