Users Are Not the Enemy - PowerPoint PPT Presentation

1 / 17
About This Presentation
Title:

Users Are Not the Enemy

Description:

Users Are Not the Enemy Anna Adams Martina Angela Sasse Overview Introduction The Study Users Lack Security Knowledge Security Needs User-Centered Design Motivating ... – PowerPoint PPT presentation

Number of Views:59
Avg rating:3.0/5.0
Slides: 18
Provided by: NKU3
Category:

less

Transcript and Presenter's Notes

Title: Users Are Not the Enemy


1
Users Are Not the Enemy
  • Anna Adams
  • Martina Angela Sasse

2
Overview
  • Introduction
  • The Study
  • Users Lack Security Knowledge
  • Security Needs User-Centered Design
  • Motivating Users
  • Users and Password Behavior
  • Recommendations
  • Conclusion

3
Introduction
  • Confidentiality of computer security
  • Identification
  • Authentication
  • Password Security
  • Key element is crack ability of password
    combination
  • Should have several criteria for password
    security

4
Password Security
  • Password composition
  • What type of characters used for passwords
  • Password lifetime
  • Changing passwords frequently
  • Password ownership
  • Increase individual accountability
  • Reduce illicit usage
  • Allow for an establishment of system usage
  • Reduce frequent password changes

5
The Study
  • Web-based questionnaire
  • Focused on password behaviors
  • 4 factors influencing effective passwords
  • Multiple passwords
  • Password Content
  • Perceived compatibility with work practices
  • Users perceptions of organizational security and
    information sensitivity

6
The Study What was found
  • Multiple passwords
  • Writing them down
  • Poor design
  • Linked passwords
  • Password Content
  • No feed back from security experts
  • Own rules for passwords
  • Password restrictions
  • Increase password disclosures
  • Ways to circumvent restrictions

7
The Study What was found cont.
  • Compatibility between work practices and password
    procedures
  • Shared passwords
  • Not being informed of security issues
  • Guided by what they see
  • 2 main problems in password usage
  • Systems factors
  • External factors

8
Users Lack Security Knowledge
  • Need-to-know Principle
  • The more know about security the easier it is to
    attack
  • Users not informed
  • Password behaviors
  • Correct password content
  • Cracking
  • Not told of security breaches

9
Users Lack Security Knowledge
  • Misunderstanding of login process
  • Confuse user identification with passwords
  • Think IDs are part of password
  • Using physical attributes that dont require ID
    recall
  • Combine physical attributes with remote access to
    systems

10
Security Needs User-Center Design
  • To achieve good user-center design in security
    mechanisms
  • communication with users is needed
  • Security has to think about the users
  • Requiring many passwords create usability
    problems
  • Frequently changed passwords increase disclosure
  • Need to take into account passwords used out of
    the office

11
Motivating Users
  • Simplistic Approach to user authentication
  • Restricts data by identification and
    authentication
  • Does not work well for group work
  • Authoritarian Approach to user authentication
  • Led to security departments reluctance to
    communicate with users with regard to work
    practices

12
Motivating Users cont.
  • Individual ownership of passwords increases
    accountability and decreases illicit usage of
    passwords
  • If users perceive they are using shared passwords
    this increases groups responsibility and
    accountability
  • Password mechanism has to be compatible with work
    practices

13
Motivating Users cont.
  • Most users are security conscious just need to
    think that security is important
  • Need to forget about Need-to-Know
  • If done could lead to security leaks
  • Can also motivate users of real problems
  • Need to have communication between security
    department and users
  • This is the only area in IT in which user
    training is not regarded as essential

14
Users and Password Behavior
  • Major problems with Security
  • Insecure work practices
  • Low security motivation
  • Personal thinking vs. drills and punishment
  • Security procedures must work with user work
    practices
  • Security departments have to see how their
    mechanisms are used in practice

15
Recommendations
  • Password Content
  • Provide training on usable and secure passwords
  • Provide constructive feedback on password
    construction
  • Multiple Passwords
  • Reduce number of passwords
  • 4 or 5 passwords max
  • Smart cards when using multiple passwords

16
Recommendations cont.
  • Users Perception of Security
  • System security needs to be visible to all
  • Inform users of existing and potential threats
  • Users awareness needs to be maintained over time
  • Provide guidance as to which systems and
    information are sensitive and why
  • Work Practices
  • Password mechanisms need to match organization
    and work procedures

17
Conclusion
  • Communication between security department and
    users
  • Limiting passwords
  • Creating secure passwords
  • Sharing security issues
  • The users are not the enemy of security
  • Users can help solve the problem

Questions ?
Write a Comment
User Comments (0)
About PowerShow.com