1 / 9

Eru Penkman

What makes users refuse web single sign-on? An empirical investigation of OpenID S.-T. Sun, E. Pospisil , I. Muslukhov , N. Dindar , K. Hawkey , and K. Beznosov SOUPS '11. ACM, 2011, pp. 4:1 - 4:20. Eru Penkman. epen234 . What Is OpenID ?.

maxima
Download Presentation

Eru Penkman

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. What makes users refuse web single sign-on? An empirical investigation of OpenIDS.-T. Sun, E. Pospisil, I. Muslukhov, N. Dindar, K. Hawkey,and K. BeznosovSOUPS '11. ACM, 2011, pp. 4:1 - 4:20 EruPenkman epen234

  2. What Is OpenID? • Sign in with trusted identity provider (Google, Facebook, etc.) • Identity provider confirms your identity to a third party • Only the identity provider knows your password

  3. Users Don’t Trust OpenID Most users believe that their password is being shared with every website where they use OpenID, this paper presents improvements that can increase user understanding and adoption of OpenID.

  4. This study is practical They provide recommendations for websites and software developers to improve the usability of single sign on; their recommendations, can result in greatly increase usage of single sign on.

  5. Possible to Misinterpret The study outlines several symptoms but does not sufficiently explain the causes of each symptom.

  6. Two Core issues • Users have an incorrect mental model of OpenID • They believe that their password is being shared with every website that they login to. • OpenID presents a single point of failure • Vulnerable to phishing

  7. Multiple symptoms • Single point of failure (26%) • Believe their passwords are being shared(71%) • Cannot spot phishing forms (50%) • Hesitant to release profile information(40%) • Concern about untrustworthy websites(36%)

  8. Improvements? 70% of users believed that their passwords were shared with every site where they used OpenID. How can the login interface be improved so that users understand that their passwords are not being shared?

  9. Questions?

More Related