Learning from early attempts to measure information security performance
CSET'12 Proceedings of the 5th USENIX conference on Cyber Security Experimentation and Test
Short paper: smartphones: not smart enough?
Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices
SAuth: protecting user accounts from password database leaks
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Hi-index | 0.00 |
Choosing the security architecture and policies for a system is a demanding task that must be informed by an understanding of user behavior. We investigate the hypothesis that adding visible security features to a system increases user confidence in the security of a system and thereby causes users to reduce how much effort they spend in other security areas. In our study, 96 volunteers each created a pair of accounts, one secured only by a password and one secured by both a password and a fingerprint reader. Our results strongly support our hypothesis -- on average. When using the fingerprint reader, users created passwords that would take one three-thousandth as long to break, thereby potentially negating the advantage two-factor authentication could have offered.