A field study of user behavior and perceptions in smartcard authentication

Authors:
Celeste Lyn Paul;Emile Morse;Aiping Zhang;Yee-Yin Choong;Mary Theofanos
Affiliations:
University of Maryland Baltimore County, Baltimore, Maryland;National Institute of Standards and Technology, Gaithersburg, Maryland;National Institute of Standards and Technology, Gaithersburg, Maryland;National Institute of Standards and Technology, Gaithersburg, Maryland;National Institute of Standards and Technology, Gaithersburg, Maryland
Venue:
INTERACT'11 Proceedings of the 13th IFIP TC 13 international conference on Human-computer interaction - Volume Part IV
Year:
2011

Citing 16
Cited 0

Transforming the 'Weakest Link' — a Human/Computer Interaction Approach to Usable and Effective Security

BT Technology Journal
Password policy: the good, the bad, and the ugly

WISICT '04 Proceedings of the winter international synposium on Information and communication technologies
Security and usability: the case of the user authentication methods

IHM '06 Proceedings of the 18th International Conferenceof the Association Francophone d'Interaction Homme-Machine
Privacy and security threat analysis of the federal employee personal identity verification (PIV) program

SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Fourth-factor authentication: somebody you know

Proceedings of the 13th ACM conference on Computer and communications security
A large-scale study of web password habits

Proceedings of the 16th international conference on World Wide Web
The Emperor's New Security Indicators

SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
National e-ID card schemes: A European overview

Information Security Tech. Report
It's not what you know, but who you know: a social approach to last-resort authentication

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Identity, credential, and access management at NASA, from Zachman to attributes

Proceedings of the 8th Symposium on Identity and Trust on the Internet
Utilizing smart cards for authentication and compliance tracking in a diabetes case management system

Proceedings of the 46th Annual Southeast Regional Conference on XX
So long, and no thanks for the externalities: the rational rejection of security advice by users

NSPW '09 Proceedings of the 2009 workshop on New security paradigms workshop
Usable security: User preferences for authentication methods in eBanking and the effects of experience

Interacting with Computers
The true cost of unusable password policies: password use in the wild

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Chip and PIN is Broken

SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Implicit authentication for mobile devices

HotSec'09 Proceedings of the 4th USENIX conference on Hot topics in security

Quantified Score

Hi-index	0.00

Visualization

Abstract

A field study of 24 participants over 10 weeks explored user behavior and perceptions in a smartcard authentication system. Ethnographic methods used to collect data included diaries, surveys, interviews, and field observations. We observed a number of issues users experienced while they integrated smartcards into their work processes, including forgetting smartcards in readers, forgetting to use smartcards to authenticate, and difficulty understanding digital signatures and encryption. The greatest perceived benefit was the use of an easy-to-remember PIN in replacement of complicated passwords. The greatest perceived drawback was the lack of smartcard-supported applications. Overall, most participants had a positive experience using smartcards for authentication. Perceptions were influenced by personal benefits experienced by participants rather than an increase in security.