Password sharing: implications for security design based on social practice

Authors:
Supriya Singh;Anuja Cabraal;Catherine Demosthenous;Gunela Astbrink;Michele Furlong
Affiliations:
RMIT University, Melbourne, Australia;RMIT University, Melbourne, Australia;Griffith University, Brisbane, Australia;GSA Information Consulants, Brisbane, Australia;GSA Information Consulants, Brisbane, Australia
Venue:
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Year:
2007

Citing 14
Cited 20

Introduction

Technology and privacy
Trust and accountability: preserving human values in interactional experience

CHI 98 Cconference Summary on Human Factors in Computing Systems
The invisible computer

The invisible computer
Users are not the enemy

Communications of the ACM
Secrets & Lies: Digital Security in a Networked World

Secrets & Lies: Digital Security in a Networked World
Society on the Line: Information Politics in the Digital Age

Society on the Line: Information Politics in the Digital Age
Unpacking "privacy" for a networked world

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Aligning Security and Usability

IEEE Security and Privacy
Security in the wild: user strategies for managing security as an everyday, practical problem

Personal and Ubiquitous Computing
Beyond concern: a privacy-trust-behavioral intention model of electronic commerce

Information and Management
A study of preferences for sharing and privacy

CHI '05 Extended Abstracts on Human Factors in Computing Systems
Editorial: why HCI research in privacy and security is critical now

International Journal of Human-Computer Studies - Special isssue: HCI research in privacy and security is critical now
Secrecy, flagging, and paranoia: adoption criteria in encrypted email

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Déjà Vu: a user study using images for authentication

SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9

User Identification Based on Handwritten Signatures with Haptic Information

EuroHaptics '08 Proceedings of the 6th international conference on Haptics: Perception, Devices and Scenarios
Family accounts: a new paradigm for user accounts within the home environment

Proceedings of the 2008 ACM conference on Computer supported cooperative work
Merx: Secure and Privacy Preserving Delegated Payments

Trust '09 Proceedings of the 2nd International Conference on Trusted Computing
Balancing Separateness and Jointness of Money in Relationships: The Design of Bank Accounts in Australia and India

IDGD '09 Proceedings of the 3rd International Conference on Internationalization, Design and Global Development: Held as Part of HCI International 2009
Under my pillow: designing security for children's special things

Proceedings of the 23rd British HCI Group Annual Conference on People and Computers: Celebrating People and Technology
The true cost of unusable password policies: password use in the wild

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Security design based on social and cultural practice: sharing of passwords

UI-HCII'07 Proceedings of the 2nd international conference on Usability and internationalization
Usably secure, low-cost authentication for mobile banking

Proceedings of the Sixth Symposium on Usable Privacy and Security
Self-reported password sharing strategies

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
A diary study of password usage in daily life

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
F for fake: four studies on how we fall for phish

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
PorKI: portable PKI credentials via proxy certificates

EuroPKI'10 Proceedings of the 7th European conference on Public key infrastructures, services and applications
A multi-word password proposal (gridWord) and exploring questions about science in security research and usable security evaluation

Proceedings of the 2011 workshop on New security paradigms workshop
Pictures or questions?: examining user responses to association-based authentication

BCS '10 Proceedings of the 24th BCS Interaction Specialist Group Conference
Eighty something: banking for the older old

BCS-HCI '11 Proceedings of the 25th BCS Conference on Human-Computer Interaction
Designing textual password systems for children

Proceedings of the 11th International Conference on Interaction Design and Children
User Perceptions of Security Technologies

International Journal of Information Security and Privacy
In the balance in Saudi Arabia: security, privacy and trust

CHI '13 Extended Abstracts on Human Factors in Computing Systems
CASA: context-aware scalable authentication

Proceedings of the Ninth Symposium on Usable Privacy and Security
Account sharing in the context of networked hospitality exchange

Proceedings of the 17th ACM conference on Computer supported cooperative work & social computing

Quantified Score

Hi-index	0.01

Visualization

Abstract

Current systems for banking authentication require that customers not reveal their access codes, even to members of the family. A study of banking and security in Australia shows that the practice of sharing passwords does not conform to this requirement. For married and de facto couples, password sharing is seen as a practical way of managing money and a demonstration of trust. Sharing Personal Identification Numbers (PINs) is a common practice among remote indigenous communities in Australia. In areas with poor banking access, this is the only way to access cash. People with certain disabilities have to share passwords with carers, and PIN numbers with retail clerks. In this paper we present the findings of a qualitative user study of banking and money management. We suggest design criteria for banking security systems, based on observed social and cultural practices of password and PIN number sharing.