CHI 2008: a selection on security – putting people first

Here is my selection on security related papers presented at CHI 2008.

(Papers are linked to their pdf downloads, if available.)

Love and authentication [abstract]
Authors: Markus Jakobsson (Palo Alto Research Center), Erik Stolterman (Indiana University), Susanne Wetzel (Stevens Institute of Technology) and Liu Yang (Stevens Institute of Technology)
Abstract: Passwords are ubiquitous, and users and service providers alike rely on them for their security. However, good passwords may sometimes be hard to remember. For years, security practitioners have battled with the dilemma of how to authenticate people who have forgotten their passwords. Existing approaches suffer from high false positive and false negative rates, where the former is often due to low entropy or public availability of information, whereas the latter often is due to unclear or changing answers, or ambiguous or fault prone entry of the same. Good security questions should be based on long-lived personal preferences and knowledge, and avoid publicly available information. We show that many of the questions used by online matchmaking services are suitable as security questions. We first describe a new user interface approach suitable to such security questions that is offering a reduced risks of incorrect entry. We then detail the findings of experiments aimed at quantifying the security of our proposed method.

Human-in-the-loop: rethinking security in mobile and pervasive systems [abstract]
Authors: Vassilis Kostakos (University of Madeira / Carnegie Mellon University) and Eamonn Oâ€™Neill (University of Bath)
Abstract: In this paper we argue that pervasive systems introduce human-driven security vulnerabilities that traditional usability design cannot address. We claim that there is a need to understand better the appropriate role of humans in the context of pervasive systems security, and to develop quantifiable and measurable concepts that describe humans and their relationship with our systems. Here, we highlight mobility and sociability as two new sources of security vulnerabilities for pervasive systems, and describe our method for developing quantifiable metrics for these concepts.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Related Posts

Applying AI in UX research

Human-centered design to go beyond the mere “what customers want”

[Paper] Why people still fall for phishing emails

Leave a Reply