Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mary Theofanos Visualization & Usability Group Information Access Division Information Technology Laboratory PIV Pilot Usability Lessons Learned.

Published byEmory Barrett Modified over 8 years ago

Similar presentations

Presentation on theme: "Mary Theofanos Visualization & Usability Group Information Access Division Information Technology Laboratory PIV Pilot Usability Lessons Learned."— Presentation transcript:

1 Mary Theofanos Visualization & Usability Group Information Access Division Information Technology Laboratory PIV Pilot Usability Lessons Learned

2 Comprehensive National Cyber-Security Initiative: Research and Development

3 Usability Research Goal: To enable policy makers and system implementers to make better decisions

4 PIV Pilot study objectives Investigate and gain insight on the impact of this new system on worker performance Explore attitudes people have about this new authentication approach that may affect uptake. Learn whether there are differences in users’ expectations and attitudes of the system prior to first use and ongoing use.

5 What did the Pilot involve? 26 NIST employees (of 100 Pilot users) over 10 weeks that used the PIV card and pin to: Log in to their computer Digitally sign email Encrypt email Access a web application to register visitors

6 What information did we collect? Daily emails surveys (diary) Periodic interviews Direct observation Pre and post surveys Did you use the PV card to login today? If not why not? Did you have problems?

7 What did we learn? Installation and Training Streamline the PIV update certificate process Develop a strategy for coordinating technical support for users of PIV cards and readers. Provide a variety of training opportunities to accommodate the wide variety of learning styles that users have

8 What did we learn? Work Environment and Form Factor One size does not fit all. A wide range of devices should be evaluated and be made available for users to choose Continue to support use of username and passwords to address forgotten, stolen and lost PIV cards. Refrain from mandating a PIN that changes frequently No clear policy on when to encrypt/decrypt or digitally sign an email Clear guidance on how to choose between certificates. All web applications should use PIV

9 What did we learn? Work Environment and Form Factor One size does not fit all. A wide range of devices should be evaluated and be made available for users to choose Continue to support use of username and passwords to address forgotten, stolen and lost PIV cards. Refrain from mandating a PIN that changes frequently No clear policy on when to encrypt/decrypt or digitally sign an email Clear guidance on how to choose between certificates. How do you use PIV for multiple computers at one time All web applications should use PIV

10 Users Views of PIV Security Users develop mental models of security that are inaccurate No concept that possessing the card is part of the overall security mechanism (multi-factor) Reinforces the importance for security to be as transparent as possible and to maximize direct benefits to users

11 User Acceptance Users who interacted with the usability team were much more accepting than others users in pilot 1) used their PIV cards more during the pilot ; and 2) are much more likely to continue using their PIV cards for accessing their computers Consider creating user groups to allow development of in- house expertise related to PIV use.

12 Wrong Approach: Aw, they’ll get used to it

13 Contact Information Mary Theofanos maryt@nist.gov Emile Morse emorse@nist.gov

Download ppt "Mary Theofanos Visualization & Usability Group Information Access Division Information Technology Laboratory PIV Pilot Usability Lessons Learned."

Similar presentations

ARIN XIMemphis, TN April 2003 ARIN DBWG Tim Christensen Authentication Update.

ARIN XIMemphis, TN April 2003 ARIN DBWG Tim Christensen Authentication Update.
Cloud PIV Authentication and Authorization Demo PIV Card User Workstation Central Security Server In order to use Cloud Authentication and Authorization.

Cloud PIV Authentication and Authorization Demo PIV Card User Workstation Central Security Server In order to use Cloud Authentication and Authorization.
A mobile single sign-on system Master thesis 2006 Mats Byfuglien.

A mobile single sign-on system Master thesis 2006 Mats Byfuglien.
A Comprehensive Study of the Usability of multiple Graphical Passwords SoumChowdhury (Presenter) Ron Poet Lewis Mackenzie 1 School of Computing Science.

A Comprehensive Study of the Usability of multiple Graphical Passwords SoumChowdhury (Presenter) Ron Poet Lewis Mackenzie 1 School of Computing Science.
The Internet2 NET+ Services Program Jerry Grochow Interim Vice President CSG January, 2012.

The Internet2 NET+ Services Program Jerry Grochow Interim Vice President CSG January, 2012.
Public Key Infrastructure (PKI) Hosting Services.

Public Key Infrastructure (PKI) Hosting Services.
1 Cypak core technology New convenient security solutions for online gaming Combat fraud and keep your customer happy.

1 Cypak core technology New convenient security solutions for online gaming Combat fraud and keep your customer happy.
Controlling Access to Resources for Walk-In Users 14 September 2006 Rod Crowley Systems Team Leader Leeds University Library.

Controlling Access to Resources for Walk-In Users 14 September 2006 Rod Crowley Systems Team Leader Leeds University Library.
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
Getting Started. Edline Web Site Requirements Provide Students and Parents With: 1.A Brief Course Description 2.Your Email Address 3.Course Syllabus 4.Major.

Getting Started. Edline Web Site Requirements Provide Students and Parents With: 1.A Brief Course Description 2.Your Address 3.Course Syllabus 4.Major.
Information Security Confidential Two-Factor Authentication Solution Overview Shawn Fulton January 15th, 2015.

Information Security Confidential Two-Factor Authentication Solution Overview Shawn Fulton January 15th, 2015.
PRODUCT FOCUS 4/14/14 – 4/25/14 INTRODUCTION Our Product Focus for the next two weeks is Microsoft Office 365. Office 365 is Microsoft’s most successful.

PRODUCT FOCUS 4/14/14 – 4/25/14 INTRODUCTION Our Product Focus for the next two weeks is Microsoft Office 365. Office 365 is Microsoft’s most successful.
Systems Analysis and Design 9th Edition

Systems Analysis and Design 9th Edition
Password?. Project CLASP: Common Login and Access rights across Services Plan

Password?. Project CLASP: Common Login and Access rights across Services Plan
Password?. Project CLASP: Common Login and Access rights across Services Plan

Password?. Project CLASP: Common Login and Access rights across Services Plan
FMMI Overview October 2014.

FMMI Overview October 2014.
Fire Officer Strategy and Tactics (FOST) State Certification Practical Examination PART “A” May 2009.

Fire Officer Strategy and Tactics (FOST) State Certification Practical Examination PART “A” May 2009.
March 14, 2012 Office of Client Solutions 1800 F Street, NW Washington, DC 20405 202.501.0206 www.gsa.gov Working together to meet your needs and make.

March 14, 2012 Office of Client Solutions 1800 F Street, NW Washington, DC Working together to meet your needs and make.
1 Emerging Knowledge-Based Business Models Robert M. Shapiro, CEO Meta Software Corporation.

1 Emerging Knowledge-Based Business Models Robert M. Shapiro, CEO Meta Software Corporation.
Mary Theofanos Visualization & Usability Group Information Access Division Information Technology Laboratory Usability Research in Support Of Cyber-Security.

Mary Theofanos Visualization & Usability Group Information Access Division Information Technology Laboratory Usability Research in Support Of Cyber-Security.

Similar presentations

Ads by Google