The mechanics of trust: a framework for research and design
International Journal of Human-Computer Studies
BT Technology Journal
Internet users' perceptions of 'privacy concerns' and 'privacy actions'
International Journal of Human-Computer Studies
A large-scale study of web password habits
Proceedings of the 16th international conference on World Wide Web
Usability and privacy in identity management architectures
ACSW '07 Proceedings of the fifth Australasian symposium on ACSW frontiers - Volume 68
The Seven Flaws of Identity Management: Usability and Security Challenges
IEEE Security and Privacy
The true cost of unusable password policies: password use in the wild
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
A framework for the lived experience of identity
Identity in the Information Society
Don't work. Can't work? Why it's time to rethink security warnings
CRISIS '12 Proceedings of the 2012 7th International Conference on Risks and Security of Internet and Systems (CRiSIS)
Hi-index | 0.00 |
Both the US & UK government have decided that citizens will to authenticate to government using Federated Identity (FedID) solutions: governments do not want to be Identity providers (IdPs), but leverage accounts that citizens have with other service providers instead. We investigated how citizens react to their first encounter FedID authentication in this context. We performed 2 studies using low fidelity prototypes with: in study 1, 44 citizen participants, & in study 2, 22 small business owners, employees & agents. We recorded their reactions during their user journey authenticating with 3rd party providers they already had accounts with. In study 1, 50% of participants said they would not continue to use the system on reaching the hub page, & 45% believed they were being asked to make a payment. 25% of those continuing said they would stop when they reached the consent page, where they were asked by their IdP to authorise the release of their identifying information to the government service. 34% of the participants felt threatened rather than reassured by the privacy protection statement. With study 2's improved prototype, only 14% of participants said they would not continue on reaching the hub page, & 6% abandoned at the consent page. Our results show that usability & acceptance of FedID can be greatly improved by the application of standard HCI techniques, but trust in the ID Provider is essential. We finally report results from a survey of which ID providers UK citizens would trust, & found significant differences between age groups.