A second look at the usability of click-based graphical passwords
Proceedings of the 3rd symposium on Usable privacy and security
Experimental economics and experimental computer science: a survey
Proceedings of the 2007 workshop on Experimental computer science
Examining the impact of website take-down on phishing
Proceedings of the anti-phishing working groups 2nd annual eCrime researchers summit
Evaluating a trial deployment of password re-use for phishing prevention
Proceedings of the anti-phishing working groups 2nd annual eCrime researchers summit
Behavioral response to phishing risk
Proceedings of the anti-phishing working groups 2nd annual eCrime researchers summit
Proceedings of the 2007 ACM workshop on Digital identity management
Beamauth: two-factor web authentication with a bookmark
Proceedings of the 14th ACM conference on Computer and communications security
Dynamic pharming attacks and locked same-origin policies for web browsers
Proceedings of the 14th ACM conference on Computer and communications security
ACM SIGACT News
International Journal of Applied Cryptography
You've been warned: an empirical study of the effectiveness of web browser phishing warnings
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Securing network input via a trusted input proxy
HOTSEC'07 Proceedings of the 2nd USENIX workshop on Hot topics in security
Forcehttps: protecting high-security web sites from network attacks
Proceedings of the 17th international conference on World Wide Web
Provably secure browser-based user-aware mutual authentication over TLS
Proceedings of the 2008 ACM symposium on Information, computer and communications security
Using salience differentials to making visual cues noticeable
UPSEC'08 Proceedings of the 1st Conference on Usability, Psychology, and Security
RUST: a retargetable usability testbed for website authentication technologies
UPSEC'08 Proceedings of the 1st Conference on Usability, Psychology, and Security
A user study design for comparing the security of registration protocols
UPSEC'08 Proceedings of the 1st Conference on Usability, Psychology, and Security
Security and identification indicators for browsers against spoofing and phishing attacks
ACM Transactions on Internet Technology (TOIT)
Perspectives: improving SSH-style host authentication with multi-path probing
ATC'08 Proceedings of the USENIX 2008 Annual Technical Conference
Analyzing websites for user-visible security design flaws
Proceedings of the 4th symposium on Usable privacy and security
Enforcing User-Aware Browser-Based Mutual Authentication with Strong Locked Same Origin Policy
ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
POSH: a generalized captcha with security applications
Proceedings of the 1st ACM workshop on AISec
Stronger TLS bindings for SAML assertions and SAML artifacts
Proceedings of the 2008 ACM workshop on Secure web services
A Browser-Based Kerberos Authentication Scheme
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security
Exploring User Reactions to New Browser Cues for Extended Validation Certificates
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security
Threat Modelling in User Performed Authentication
ICICS '08 Proceedings of the 10th International Conference on Information and Communications Security
A Universally Composable Framework for the Analysis of Browser-Based Security Protocols
ProvSec '08 Proceedings of the 2nd International Conference on Provable Security
There is no free phish: an analysis of "free" and live phishing kits
WOOT'08 Proceedings of the 2nd conference on USENIX Workshop on offensive technologies
On user involvement in production of images used in visual authentication
Journal of Visual Languages and Computing
E-Mail Classification for Phishing Defense
ECIR '09 Proceedings of the 31st European Conference on IR Research on Advances in Information Retrieval
Usability meets access control: challenges and research opportunities
Proceedings of the 14th ACM symposium on Access control models and technologies
1 + 1 = you: measuring the comprehensibility of metaphors for configuring backup authentication
Proceedings of the 5th Symposium on Usable Privacy and Security
User-aware provably secure protocols for browser-based mutual authentication
International Journal of Applied Cryptography
Risks of the CardSpace Protocol
ISC '09 Proceedings of the 12th International Conference on Information Security
Adaptive Security Dialogs for Improved Security Behavior of Users
INTERACT '09 Proceedings of the 12th IFIP TC 13 International Conference on Human-Computer Interaction: Part I
Mixed-initiative security agents
Proceedings of the 2nd ACM workshop on Security and artificial intelligence
Browser interfaces and extended validation SSL certificates: an empirical study
Proceedings of the 2009 ACM workshop on Cloud computing security
Security, privacy, and usability: a high common ground
CNIS '07 Proceedings of the Fourth IASTED International Conference on Communication, Network and Information Security
So long, and no thanks for the externalities: the rational rejection of security advice by users
NSPW '09 Proceedings of the 2009 New Security Paradigms Workshop
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
BogusBiter: A transparent protection against phishing attacks
ACM Transactions on Internet Technology (TOIT)
SSLock: sustaining the trust on entities brought by SSL
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Security in practice - security-usability chasm
ICISS'07 Proceedings of the 3rd international conference on Information systems security
Sensitive data requests: do sites ask correctly?
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
Crying wolf: an empirical study of SSL warning effectiveness
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Multi-factor password-authenticated key exchange
AISC '10 Proceedings of the Eighth Australasian Conference on Information Security - Volume 105
OpenIDemail enabled browser: towards fixing the broken web single sign-on triangle
Proceedings of the 6th ACM workshop on Digital identity management
A billion keys, but few locks: the crisis of web single sign-on
Proceedings of the 2010 workshop on New security paradigms
Identifying and resolving hidden text salting
IEEE Transactions on Information Forensics and Security
Informing security indicator design in web browsers
Proceedings of the 2011 iConference
The dark side of the Internet: Attacks, costs and responses
Information Systems
Reinforcing bad behaviour: the misuse of security indicators on popular websites
Proceedings of the 22nd Conference of the Computer-Human Interaction Special Interest Group of Australia on Computer-Human Interaction
How HCI design influences web security decisions
Proceedings of the 22nd Conference of the Computer-Human Interaction Special Interest Group of Australia on Computer-Human Interaction
Does domain highlighting help people identify phishing sites?
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Towards user-friendly credential transfer on open credential platforms
ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
A comparative usability evaluation of traditional password managers
ICISC'10 Proceedings of the 13th international conference on Information security and cryptology
Forcing Johnny to login safely: long-term user study of forcing and training login mechanisms
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Tensions in developing a secure collective information practice - the case of agile ridesharing
INTERACT'11 Proceedings of the 13th IFIP TC 13 international conference on Human-computer interaction - Volume Part II
A field study of user behavior and perceptions in smartcard authentication
INTERACT'11 Proceedings of the 13th IFIP TC 13 international conference on Human-computer interaction - Volume Part IV
Improving computer security dialogs
INTERACT'11 Proceedings of the 13th IFIP TC 13 international conference on Human-computer interaction - Volume Part IV
Communications of the ACM
Proceedings of the 2011 New Security Paradigms Workshop
The security cost of cheap user interaction
Proceedings of the 2011 New Security Paradigms Workshop
Trusted computing enhanced user authentication with OpenID and trustworthy user interface
International Journal of Internet Technology and Secured Transactions
PhorceField: a phish-proof password ceremony
Proceedings of the 27th Annual Computer Security Applications Conference
An empirical study of visual security cues to prevent the SSLstripping attack
Proceedings of the 27th Annual Computer Security Applications Conference
A brick wall, a locked door, and a bandit: a physical security metaphor for firewall warnings
Proceedings of the Seventh Symposium on Usable Privacy and Security
Using data type based security alert dialogs to raise online security awareness
Proceedings of the Seventh Symposium on Usable Privacy and Security
Proceedings of the Seventh Symposium on Usable Privacy and Security
What makes users refuse web single sign-on?: an empirical investigation of OpenID
Proceedings of the Seventh Symposium on Usable Privacy and Security
TruWalletM: secure web authentication on mobile platforms
INTRUST'10 Proceedings of the Second international conference on Trusted Systems
SignatureCheck: a protocol to detect man-in-the-middle attack in SSL
Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research
Practical end-to-end web content integrity
Proceedings of the 21st international conference on World Wide Web
One-time cookies: Preventing session hijacking attacks with stateless authentication tokens
ACM Transactions on Internet Technology (TOIT)
Android permissions: user attention, comprehension, and behavior
Proceedings of the Eighth Symposium on Usable Privacy and Security
Use of ratings from personalized communities for trustworthy application installation
NordSec'10 Proceedings of the 15th Nordic conference on Information Security Technology for Applications
Cloud terminal: secure access to sensitive applications from untrusted systems
USENIX ATC'12 Proceedings of the 2012 USENIX Annual Technical Conference
User interface toolkit mechanisms for securing interface elements
Proceedings of the 25th annual ACM symposium on User interface software and technology
Proceedings of the 2012 ACM conference on Computer and communications security
Measuring SSL indicators on mobile browsers: extended life, or end of the road?
ISC'12 Proceedings of the 15th international conference on Information Security
Understanding the weaknesses of human-protocol interaction
FC'12 Proceedings of the 16th international conference on Financial Cryptography and Data Security
A client-centric ASM-based approach to identity management in cloud computing
ER'12 Proceedings of the 2012 international conference on Advances in Conceptual Modeling
Preventing the revealing of online passwords to inappropriate websites with logininspector
LISA'12 Proceedings of the 26th international conference on Large Installation System Administration: strategies, tools, and techniques
Comparative eye tracking of experts and novices in web single sign-on
Proceedings of the third ACM conference on Data and application security and privacy
ScreenPass: secure password entry on touchscreen devices
Proceedings of the 11th annual international conference on Mobile systems, applications, and services
Supporting visual security cues for WebView-based Android apps
Proceedings of the 28th Annual ACM Symposium on Applied Computing
Embassies: radically refactoring the web
NSDI'13 Proceedings of the 10th USENIX conference on Networked Systems Design and Implementation
Your attention please: designing security-decision UIs to make genuine risks harder to ignore
Proceedings of the Ninth Symposium on Usable Privacy and Security
On the ecological validity of a password study
Proceedings of the Ninth Symposium on Usable Privacy and Security
Towards a secure human-and-computer mutual authentication protocol
AISC '12 Proceedings of the Tenth Australasian Information Security Conference - Volume 125
Secure enrollment and practical migration for mobile trusted execution environments
Proceedings of the Third ACM workshop on Security and privacy in smartphones & mobile devices
Investigating Users’ Perspectives of Web Single Sign-On: Conceptual Gaps and Acceptance Model
ACM Transactions on Internet Technology (TOIT)
Securing embedded user interfaces: Android and beyond
SEC'13 Proceedings of the 22nd USENIX conference on Security
Alice in warningland: a large-scale field study of browser security warning effectiveness
SEC'13 Proceedings of the 22nd USENIX conference on Security
On the security of picture gesture authentication
SEC'13 Proceedings of the 22nd USENIX conference on Security
"Who decides?": security and privacy in the wild
Proceedings of the 25th Australian Computer-Human Interaction Conference: Augmentation, Application, Innovation, Collaboration
Exploring the impact of trust information visualization on mobile application usage
Personal and Ubiquitous Computing
Forcing Johnny to login safely
Journal of Computer Security - Research in Computer Security and Privacy: Emerging Trends
WebCallerID: Leveraging cellular networks for Web authentication
Journal of Computer Security
We evaluate website authentication measures that are designed to protect users from man-in-the-middle, "phishing", and other site forgery attacks. We asked 67 bank customers to conduct common online banking tasks. Each time they logged in, we presented increasingly alarming clues that their connection was insecure. First, we removed HTTPS indicators. Next, we removed the participant's site-authentication image (the customer-selected image that many websites now expect their users to verify before entering their passwords). Finally, we replaced the bank's password-entry page with a warning page. After each clue, we determined whether participants entered their passwords or withheld them. We also investigated how a study's design affects participant behavior: we asked some participants to play a role and others to use their own accounts and passwords. We also presented some participants with security-focused instructions. We confirm prior findings that users ignore HTTPS indicators: no participants withheld their passwords when these indicators were removed. We present the first empirical investigation of site-authentication images, and we find them to be ineffective: even when we removed them, 23 of the 25 (92%) participants who used their own accounts entered their passwords. We also contribute the first empirical evidence that role playing affects participants' security behavior: role-playing participants behaved significantly less securely than those using their own passwords.
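The abstract names man-in-the-middle and site-forgery attacks as the threat a site-authentication image is meant to address. The simulation below is an added illustration, not code from the page or from the paper's authors, of the two facts that make such an image weak in that setting: a forged site that relays the victim's username to the genuine bank can show the genuine image (so the image never proves which site the victim is talking to), and a forged site that simply omits the image still succeeds whenever the victim does not insist on seeing it, which is the "image removed" condition the study measured. The Bank, PhishingProxy and victim_session names, and the account, image and password values, are hypothetical and constructed for the example; nothing here contacts a real site.

```python
"""Simulated relay of a site-authentication image through a forged site.

Constructed example with hypothetical Bank and PhishingProxy classes and
made-up account data. It runs offline and talks to no real service.
"""
from dataclasses import dataclass, field


@dataclass
class Bank:
    """Genuine site: username -> (site-authentication image, password)."""
    accounts: dict  # constructed sample data, see build_bank()

    def image_for(self, username):
        # Step 1 of the two-step login: the image is returned for a
        # username alone, before any secret has been presented.
        rec = self.accounts.get(username)
        return rec[0] if rec else None

    def login(self, username, password):
        rec = self.accounts.get(username)
        return rec is not None and rec[1] == password


@dataclass
class PhishingProxy:
    """Forged site that forwards each victim request to the genuine bank."""
    bank: Bank
    captured: list = field(default_factory=list)
    show_image: bool = True  # False models the study's "image removed" clue

    def image_for(self, username):
        if not self.show_image:
            return None
        # Relayed in real time: the victim sees the genuine image.
        return self.bank.image_for(username)

    def login(self, username, password):
        # The forged site records the credential, then completes the
        # genuine login so the victim notices nothing unusual.
        self.captured.append((username, password))
        return self.bank.login(username, password)


def victim_session(site, username, password, verify_image):
    """Victim types the username, looks at the image, then decides."""
    image = site.image_for(username)
    if verify_image and image is None:
        # A vigilant user withholds the password when the image is missing.
        return {"image": image, "password_entered": False, "logged_in": False}
    return {"image": image, "password_entered": True,
            "logged_in": site.login(username, password)}


def build_bank():
    # Constructed account: image name and password are made up.
    return Bank({"alice": ("red-bicycle.png", "hunter2")})


def run_relay_demo():
    """Image shown through the forged site equals the genuine one."""
    bank = build_bank()
    proxy = PhishingProxy(bank)
    genuine = victim_session(bank, "alice", "hunter2", verify_image=True)
    phished = victim_session(proxy, "alice", "hunter2", verify_image=True)
    return genuine, phished, proxy.captured


def run_removed_image_demo(verify_image):
    """Forged site omits the image; outcome depends only on the victim."""
    bank = build_bank()
    proxy = PhishingProxy(bank, show_image=False)
    result = victim_session(proxy, "alice", "hunter2", verify_image=verify_image)
    return result, proxy.captured


if __name__ == "__main__":
    print(run_relay_demo())
    print(run_removed_image_demo(verify_image=True))
    print(run_removed_image_demo(verify_image=False))
```

The relay case is why the image cannot stand in for a channel-level check such as the HTTPS indicators the study also removed: anything the genuine site reveals on presentation of a username is available to a forged site that holds the same username. The removed-image case is the condition the abstract reports, where protection rests entirely on whether the user refuses to type a password when the image is absent.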