ŠŤAVOVÁ, Vlasta, Václav MATYÁŠ and Mike JUST. Codes v. People: A Comparative Usability Study of Two Password Recovery Mechanisms. In Foresti, Sara and Lopez, Javier. Information Security Theory and Practice: 10th IFIP WG 11.2 International Conference, WISTP 2016, Heraklion, Crete, Greece, September 26--27, 2016, Proceedings. Switzerland: Springer. p. 35-50. ISBN 978-3-319-45930-1. doi:10.1007/978-3-319-45931-8_3. 2016.
Basic information
Original name Codes v. People: A Comparative Usability Study of Two Password Recovery Mechanisms
Authors ŠŤAVOVÁ, Vlasta (203 Czech Republic, belonging to the institution), Václav MATYÁŠ (203 Czech Republic, belonging to the institution) and Mike JUST (826 United Kingdom of Great Britain and Northern Ireland).
Edition Switzerland, Information Security Theory and Practice: 10th IFIP WG 11.2 International Conference, WISTP 2016, Heraklion, Crete, Greece, September 26--27, 2016, Proceedings, p. 35-50, 16 pp. 2016.
Publisher Springer
Other information
Original language English
Type of outcome Proceedings paper
Field of Study 10201 Computer sciences, information science, bioinformatics
Country of publisher Switzerland
Confidentiality degree is not subject to a state or trade secret
Publication form printed version "print"
Impact factor 0.402 in 2005
RIV identification code RIV/00216224:14330/16:00091209
Organization unit Faculty of Informatics
ISBN 978-3-319-45930-1
ISSN 0302-9743
Doi http://dx.doi.org/10.1007/978-3-319-45931-8_3
UT WoS 000387956800003
Keywords in English usable security; authentication methods; usability; qr code; trusted person
Tags International impact, Reviewed
Changed by RNDr. Pavel Šmerk, Ph.D., učo 3880. Changed: 13/5/2020 19:25.
Abstract
Password recovery is a critical, and often overlooked, requirement of account management. Currently popular solutions, such as security questions and out-of-band communications, have recognized security and usability issues. In this paper we evaluate two alternate recovery solutions considered by our industrial partner, using backup codes and trusted people, in order to determine their suitability as a viable password recovery solution. In this paper we focus on the usability evaluation of these two representative recovery methods, and not on the specifics of their design – while our evaluation results do indirectly point to general design enhancements. Our study determined that participants felt that backup codes (implemented as a QR-code in our solution) offer levels of usability and security that are acceptable to users for securing their “ordinary” accounts. For accounts perceived to require more security (e.g., online banking) more security was preferred by participants, resulting in a preference for trusted party recovery compared to backup codes. Our results also suggest that further research and deployment considerations should be given to options for other methods of password recovery, such as backup codes and trusted parties.
Links
MUNI/M/1052/2013, internal MU code
Name: Experimental research on the behaviour of ICT users in the area of security from the perspective of social sciences, law and informatics
Investor: Masaryk University, INTERDISCIPLINARY - Interdisciplinary research projects