Users' conceptions of risks and harms on the web: a comparative study
CHI '02 Extended Abstracts on Human Factors in Computing Systems
Revised Papers from the 8th International Workshop on Security Protocols
Gathering evidence: use of visual security cues in web browsers
GI '05 Proceedings of Graphics Interface 2005
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Do security toolbars actually prevent phishing attacks?
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Decision strategies and susceptibility to phishing
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
A large-scale study of web password habits
Proceedings of the 16th international conference on World Wide Web
The Emperor's New Security Indicators
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Communications of the ACM
What instills trust? a qualitative study of phishing
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Hi-index | 0.00 |
User authentication can be compromised both by subverting the system and by subverting the user; the threat modelling of the former is well studied, the latter less so. We propose a method to determine opportunities to subvert the user allowing vulnerabilities to be systematically identified. The method is applied to VeriSign's OpenID authentication mechanism.