TwoKind authentication: protecting private information in untrustworthy environments

  • Authors: Katelin Bailey; Apu Kapadia; Linden Vongsathorn; Sean W. Smith

  • Affiliations: Dartmouth College, Hanover, NH, USA; Dartmouth College, Hanover, NH, USA; Dartmouth College, Hanover, NH, USA; Dartmouth College, Hanover, NH, USA

  • Venue: Proceedings of the 7th ACM workshop on Privacy in the electronic society
  • Year: 2008

Abstract

Users often log in to Internet sites from insecure computers and more recently have started divulging their email passwords to social-networking sites, thereby putting their private communications at risk. We propose and evaluate TwoKind Authentication, a simple and effective technique for limiting access to private information in untrustworthy environments. In its simplest form, TwoKind offers two modes of authentication by providing a low and a high authenticator. By using a low authenticator, users can signal to the server that they are in an untrusted environment, following which the server restricts the user's actions. We seek to evaluate the effectiveness of multiple authenticators in promoting safer behavior in users. We demonstrate the effectiveness of this approach through a user experiment - we find that users make a distinction between the two authenticators and generally behave in a security-conscious way, protecting their high authenticator the majority of the time. Our study suggests that TwoKind will be beneficial to several Internet applications, particularly if the privileges associated with the low authenticator can be customized to a user's security preferences.