Deploying authentication in the wild: towards greater ecological validity in security usability studies
Journal of Cybersecurity (IF 2.9), Pub Date: 2020-11-18, DOI: 10.1093/cybsec/tyaa010
Seb Aebischer (1), Claudio Dettoni (1), Graeme Jenkinson (1), Kat Krol (1), David Llewellyn-Jones (1), Toshiyuki Masui (2, 3), Frank Stajano (1)
Abstract
Pico is a token-based login method that claims to be simultaneously more usable and more secure than passwords. It does not ask users to remember any secrets, nor to type one-time passwords. We evaluate Pico’s claim with two deployments and user studies, one on a web-based service and another within an organization. Our main aim is to collect actionable intelligence on how to improve the usability and deployability of Pico. In our first study we team up with an established website, Gyazo, to offer this alternative login mechanism to users intent on performing a real task of image sharing. From the lessons of this first study, we retarget Pico’s focus from replacing web passwords to replacing desktop login passwords; and thus in our second study we engage with a government organization, Innovate UK, to offer employees the ability to lock and unlock their computer automatically based on proximity. We focus particularly on the ecological validity of the trials and we thereby gain valuable insights into the viability of Pico, not only through the actual responses from the participants but also through the many practical challenges we had to face and overcome. Reflecting on the bigger picture, from our experience we believe the security usability community would greatly benefit from pushing towards greater ecological validity in published work, despite the considerable difficulties and costs involved.


Updated: 2020-11-18