CRCS Privacy & Security Lunch Seminar - Wed. Feb. 7
Speaker: Stuart Schechter, MIT Lincoln Laboratory
Date: Wednesday, 7 February
Time: talk 12-1, discussion 1-1:30 (lunch provided)
Place: Maxwell Dworkin 119
Title: “The Emperor’s New Security Indicators: An evaluation of website authentication and the effect of role playing on usability studies”
Abstract:
We evaluate website authentication measures that are designed to protect users from man-in-the-middle, ‘phishing’, and other site forgery attacks. We asked 67 bank customers to conduct common online banking tasks. Each time they logged in, we presented increasingly alarming clues that their connection was insecure. First, we removed HTTPS indicators. Next, we removed the participant’s site-authentication indicators—the customer-selected image that many websites now expect their users to verify before entering their passwords. Finally, we replaced the bank’s password-entry page with a warning page. After each clue, we measured whether participants entered their passwords or withheld them.
We also investigate how a study’s design affects participant behavior: we asked some participants to play a role and others to use their own accounts and passwords. We also presented some participants with security-focused instructions.
