Codes v. People: A Comparative Usability Study of Two Password
Recovery Mechanisms

D 2016

Codes v. People: A Comparative Usability Study of Two Password Recovery Mechanisms

ŠŤAVOVÁ, Vlasta; Václav MATYÁŠ a Mike JUST

Základní údaje

Originální název

Codes v. People: A Comparative Usability Study of Two Password Recovery Mechanisms

Autoři

ŠŤAVOVÁ, Vlasta; Václav MATYÁŠ a Mike JUST

Vydání

Švýcarsko, Information Security Theory and Practice: 10th IFIP WG 11.2 International Conference, WISTP 2016, Heraklion, Crete, Greece, September 26--27, 2016, Proceedings, od s. 35-50, 16 s. 2016

Nakladatel

Springer

Další údaje

Jazyk

angličtina

Typ výsledku

Stať ve sborníku

Obor

10201 Computer sciences, information science, bioinformatics

Stát vydavatele

Švýcarsko

Utajení

není předmětem státního či obchodního tajemství

Forma vydání

tištěná verze "print"

Odkazy

URL

Impakt faktor

Impact factor: 0.402 v roce 2005

Označené pro přenos do RIV

Ano

Kód RIV

RIV/00216224:14330/16:00091209

Organizační jednotka

Fakulta informatiky

ISBN

978-3-319-45930-1

ISSN

Klíčová slova anglicky

usable security; authentication methods; usability; qr code; trusted person

Příznaky

Mezinárodní význam, Recenzováno

Změněno: 13. 5. 2020 19:25, RNDr. Pavel Šmerk, Ph.D.

Anotace

V originále

Password recovery is a critical, and often overlooked, requirement of account management. Currently popular solutions, such as security questions and out-of-band communications, have recognized security and usability issues. In this paper we evaluate two alternate recovery solutions considered by our industrial partner, using backup codes and trusted people, in order to determine their suitability as a viable password recovery solution. In this paper we focus on the usability evaluation of these two representative recovery methods, and not on the specifics of their design – while our evaluation results do indirectly point to general design enhancements. Our study determined that participants felt that backup codes (implemented as a QR-code in our solution) offer levels of usability and security that are acceptable to users for securing their “ordinary” accounts. For accounts perceived to require more security (e.g., online banking) more security was preferred by participants, resulting in a preference for trusted party recovery compared to backup codes. Our results also suggest that further research and deployment considerations should be given to options for other methods of password recovery, such as backup codes and trusted parties.

Návaznosti

MUNI/M/1052/2013, interní kód MU

Název: Experimentální výzkum chování uživatelů ICT v oblasti bezpečnosti perspektivou sociálních věd, práva a informatiky

Investor: Masarykova univerzita, Experimentální výzkum chování uživatelů ICT v oblasti bezpečnosti perspektivou sociálních věd, práva a informatiky, INTERDISCIPLINARY - Mezioborové výzkumné projekty

Citovat

ŠŤAVOVÁ, Vlasta; Václav MATYÁŠ a Mike JUST. Codes v. People: A Comparative Usability Study of Two Password Recovery Mechanisms. In Foresti, Sara and Lopez, Javier. Information Security Theory and Practice: 10th IFIP WG 11.2 International Conference, WISTP 2016, Heraklion, Crete, Greece, September 26--27, 2016, Proceedings. Švýcarsko: Springer, 2016, s. 35-50. ISBN 978-3-319-45930-1. Dostupné z: https://doi.org/10.1007/978-3-319-45931-8_3.

@inproceedings{1356763,
   author = {Šťavová, Vlasta and Matyáš, Václav and Just, Mike},
   address = {Švýcarsko},
   booktitle = {Information Security Theory and Practice: 10th IFIP WG 11.2 International Conference, WISTP 2016, Heraklion, Crete, Greece, September 26--27, 2016, Proceedings},
   doi = {https://doi.org/10.1007/978-3-319-45931-8_3},
   editor = {Foresti, Sara and Lopez, Javier},
   keywords = {usable security; authentication methods; usability; qr code; trusted person},
   howpublished = {tištěná verze "print"},
   language = {eng},
   location = {Švýcarsko},
   isbn = {978-3-319-45930-1},
   pages = {35-50},
   publisher = {Springer},
   title = {Codes v. People: A Comparative Usability Study of Two Password Recovery Mechanisms},
   url = {http://www.springer.com/la/book/9783319459301},
   year = {2016}
}

TY  - CONF
ID  - 1356763
AU  - Šťavová, Vlasta - Matyáš, Václav - Just, Mike
PY  - 2016
TI  - Codes v. People: A Comparative Usability Study of Two Password Recovery Mechanisms
PB  - Springer
CY  - Švýcarsko
SN  - 9783319459301
KW  - usable security
KW  - authentication methods
KW  - usability
KW  - qr code
KW  - trusted person
UR  - http://www.springer.com/la/book/9783319459301
N2  - Password recovery is a critical, and often overlooked, requirement of account management. Currently popular solutions, such as security questions and out-of-band communications, have recognized security and usability issues. In this paper we evaluate two alternate recovery solutions considered by our industrial partner, using backup codes and trusted people, in order to determine their suitability as a viable password recovery solution. In this paper we focus on the usability evaluation of these two representative recovery methods, and not on the specifics of their design – while our evaluation results do indirectly point to general design enhancements. Our study determined that participants felt that backup codes (implemented as a QR-code in our solution) offer levels of usability and security that are acceptable to users for securing their “ordinary” accounts. For accounts perceived to require more security (e.g., online banking) more security was preferred by participants, resulting in a preference for trusted party recovery compared to backup codes. Our results also suggest that further research and deployment considerations should be given to options for other methods of password recovery, such as backup codes and trusted parties.
ER  -

ŠŤAVOVÁ, Vlasta; Václav MATYÁŠ a Mike JUST. Codes v. People: A Comparative Usability Study of Two Password Recovery Mechanisms. In Foresti, Sara and Lopez, Javier. \textit{Information Security Theory and Practice: 10th IFIP WG 11.2 International Conference, WISTP 2016, Heraklion, Crete, Greece, September 26--27, 2016, Proceedings}. Švýcarsko: Springer, 2016, s.~35-50. ISBN~978-3-319-45930-1. Dostupné z: https://doi.org/10.1007/978-3-319-45931-8\_{}3.

Přehled o publikaci