On the usability of user interfaces for secure website authentication in browsers

Authors:
Massimiliano Pala;Yifei Wang
Affiliations:
Computer Science Department, Dartmouth College, Sudikoff Laboratory, Hanover, NH;Computer Science Department, Dartmouth College, Sudikoff Laboratory, Hanover, NH
Venue:
EuroPKI'09 Proceedings of the 6th European conference on Public key infrastructures, services and applications
Year:
2009

Citing 9
Cited 0

Password Memorability and Security: Empirical Results

IEEE Security and Privacy
Why phishing works

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Increasing security and usability of computer systems with graphical passwords

ACM-SE 45 Proceedings of the 45th annual southeast regional conference
You've been warned: an empirical study of the effectiveness of web browser phishing warnings

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Towards Identifying Usability and Security Features of Graphical Password in Knowledge Based Authentication Technique

AMS '08 Proceedings of the 2008 Second Asia International Conference on Modelling & Simulation (AMS)
Security and identification indicators for browsers against spoofing and phishing attacks

ACM Transactions on Internet Technology (TOIT)
Personal knowledge questions for fallback authentication: security questions in the era of Facebook

Proceedings of the 4th symposium on Usable privacy and security
There is no free phish: an analysis of "free" and live phishing kits

WOOT'08 Proceedings of the 2nd conference on USENIX Workshop on offensive technologies
An evaluation of extended validation and picture-in-picture phishing attacks

FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Public Key cryptography has become, in many environments, a fundamental building block for authentication purposes. Although many applications already support the usage of Public Key Certificates (PKCs), the usability of the many security features and their understanding by users is still not fully addressed. Moreover, with the increasing number of services offered via Internet and their impact on many aspects of everyday life of millions of users, the need to address usability of security is compelling. In our work we provide a usability study that highlights the status of the current User Interfaces (UIs) in browsers. In particular we focus our attention on the effectiveness of the messages related to website authentication. We also provide a set of guidelines aimed at improving the user experience and the incisiveness of security-related warnings. A prototype of a user interface is provided and analyzed.