Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Usability Study and Critique of Two Password Managers

Published byDirenç Bilgili Modified over 5 years ago

Similar presentations

Presentation on theme: "A Usability Study and Critique of Two Password Managers"— Presentation transcript:

1 A Usability Study and Critique of Two Password Managers
Sonia Chiasson, PC van Oorschot , and Robert Biddle

2 Overview Introduce PwdHash and Password Multiplier Usability Testing
Study Details and Results Lessons Learned - Usability Lessons Learned - Security 2/11

3 Password Managers Shift the burden of creating and remembering strong passwords away from users easier for users better protection eg. PwdHash (USENIX Security 2005) Password Multiplier(WWW2005) 3/11

4 PwdHash Password Multiplier
in front of passwords you want to protect potentially different user passwords for each site one master password, only need to remember one password and it generates the others activate with Alt+P or double-clicking hash(pwd, dom) = PRFpwd(dom) V = fk1(username,master_pwd) site_pwd=fk2(dom,master_pwd,V) 4/11

5 Usability Testing Is this usable? Are there problems?
Need to observe real users a few may not be enough Cannot just ask for users’ opinion “the user is not the weakest link – but your interface might be!” 5/11

6 Study Details 26 participants data collection 5 tasks for each plug-in
various degree programs, only 4 with technical backgrounds data collection observational data recording task outcomes, difficulties, obvious misconceptions, quotes questionnaire data initial attitudes, opinion after each task, post questionnaires 5 tasks for each plug-in balanced order written instructions think-aloud protocol 6/11

7 Task Completion Results
Success Potentially Causing Security Exposures Dangerous Success Failures Failure False Completion Failed due to Previous PwdHash Log In 48% 44% 8% 0% N/A Migrate Pwd 42% 35% 11% Remote Login 27% 31% Update Pwd 19% 65% Second Login 52% 28% 4% 16% Password Multiplier 32% 20% 7/11

8 Questionnaire Responses
positive neutral negative 8/11

9 Lessons Learned - Usability
activation “well I think it did something” once is not enough lack of feedback, invisibility/transparency complete tasks without activation frustration and misconceptions gave up on tasks how system deals with passwords 9/11

10 Lessons Learned - Security
Usability problems lead to security vulnerabilities False sense of security Benefits rely on correct operation 10/11

11 Conclusion Usability is a concern because it can directly lead to security vulnerabilities Systems must be tested with real users transparency not always good must support users’ mental models 11/11

12 For more info:

Download ppt "A Usability Study and Critique of Two Password Managers"

Similar presentations

© 2006 Richard M. Conlan Interface Designs to Help Users Choose Better Passwords (study design) Richard M. Conlan, Peter Tarasewich Northeastern University.

© 2006 Richard M. Conlan Interface Designs to Help Users Choose Better Passwords (study design) Richard M. Conlan, Peter Tarasewich Northeastern University.
Usability testing The Think-aloud test Presented by: Connor Stroomberg.

Usability testing The Think-aloud test Presented by: Connor Stroomberg.
1.We will begin by asking you to reflect on a question. 1.We will turn on some music and you will walk around the room, pondering your answer to the question.

1.We will begin by asking you to reflect on a question. 1.We will turn on some music and you will walk around the room, pondering your answer to the question.
Stages in Integrating technology Elaine Hoter. Stage 1: Awareness 1 I am aware that technology exists but have not used it – perhaps I’ve even avoiding.

Stages in Integrating technology Elaine Hoter. Stage 1: Awareness 1 I am aware that technology exists but have not used it – perhaps I’ve even avoiding.
ATTACKING AUTHENTICATION The Web Application Hacker’s Handbook, Ch. 6 Presenter: Jie Huang 10/31/2012.

ATTACKING AUTHENTICATION The Web Application Hacker’s Handbook, Ch. 6 Presenter: Jie Huang 10/31/2012.
CS305: HCI in SW Development Evaluation (Return to…)

CS305: HCI in SW Development Evaluation (Return to…)
Research at the Sociocultural Level of Analysis Ethical Considerations Alli Cales & David Rivera.

Research at the Sociocultural Level of Analysis Ethical Considerations Alli Cales & David Rivera.
Energy Information Administration Usability Testing Colleen Blessing.

Energy Information Administration Usability Testing Colleen Blessing.
An evaluation framework

An evaluation framework
“Retrospective vs. concurrent think-aloud protocols: usability testing of an online library catalogue.” Presented by: Aram Saponjyan & Elie Boutros.

“Retrospective vs. concurrent think-aloud protocols: usability testing of an online library catalogue.” Presented by: Aram Saponjyan & Elie Boutros.
Online testing made effective and easy. The easy way to have your tests answered and scored online. If you have a test in a PDF file, it can be online.

Online testing made effective and easy. The easy way to have your tests answered and scored online. If you have a test in a PDF file, it can be online.
Electronic EDI e-EDI. The EDI has been in use since 1999 using a paper-based system and computerized spreadsheets to collect and manage EDI data. Over.

Electronic EDI e-EDI. The EDI has been in use since 1999 using a paper-based system and computerized spreadsheets to collect and manage EDI data. Over.
Chapter 14: Usability testing and field studies

Chapter 14: Usability testing and field studies
Evaluation Framework Prevention vs. Intervention CHONG POH WAN 21 JUNE 2011.

Evaluation Framework Prevention vs. Intervention CHONG POH WAN 21 JUNE 2011.
Multiple Password Interference in text Passwords and click based Graphical Passwords by Sonia Chiasson, Alian Forget, Elizabeth Stobert, PC van Oorschot.

Multiple Password Interference in text Passwords and click based Graphical Passwords by Sonia Chiasson, Alian Forget, Elizabeth Stobert, PC van Oorschot.
1 SWE 513: Software Engineering Usability II. 2 Usability and Cost Good usability may be expensive in hardware or special software development User interface.

1 SWE 513: Software Engineering Usability II. 2 Usability and Cost Good usability may be expensive in hardware or special software development User interface.
Cognitive Apprenticeship “Mastering knowledge” CLICK TO START.

Cognitive Apprenticeship “Mastering knowledge” CLICK TO START.
1 Usability Studies. 2 Evaluate Usability Run a usability study to judge how an interface facilitates tasks with respect to the aspects of usability mentioned.

1 Usability Studies. 2 Evaluate Usability Run a usability study to judge how an interface facilitates tasks with respect to the aspects of usability mentioned.
CS2003 Usability Engineering Usability Evaluation Dr Steve Love.

CS2003 Usability Engineering Usability Evaluation Dr Steve Love.
Team name Usability testing plan for BelleViews School of Business and Information Management Oulu University of Applied Sciences.

Team name Usability testing plan for BelleViews School of Business and Information Management Oulu University of Applied Sciences.

Similar presentations

Ads by Google