
Get A Clue: Location-Based recall for Password Authentication on Mobile Device

#GHC13. Get A Clue: Location-Based recall for Password Authentication on Mobile Device. Ann-Marie Horcher, Nova Southeastern University, October 3, 2013.


Presentation Transcript


  1. #GHC13 Get A Clue: Location-Based recall for Password Authentication on Mobile Device. Ann-Marie Horcher, Nova Southeastern University, October 3, 2013

  2. Overview • Describing the Mobile experience (Internet in your pocket) • Why current solutions don’t work • Why we still have to solve the problem • Project Runway analogy • Why I am solving this problem (ulterior motive and the big picture) • How I am solving the problem • How will I know it is better

  3. Mobile experience • Internet in your pocket (or purse) • Instant updates and feedback • Small, portable devices. Security experience on the mobile is less than optimal

  4. Mobile Security still uses passwords • Most commonly used method of authentication • Available on almost any device • Least common denominator

  5. Good Security Now • Simson Garfinkel’s security-usability principle • Must provide the best security with what is currently available instead of waiting for the ultimate security technology

  6. The problem with passwords: designed on the workstation vs. mobile

  7. Mobile Authentication

  8. Multiple passwords

  9. Remembering Passwords • You are not remembering 1, you are remembering many • Short-term memory holds about 4 pieces of unrelated information

  10. Not if, but when will you fail

  11. Eidetic (photographic) memory • 3 people documented in the history of mankind • Stephen Wiltshire. He is capable of drawing the entire skyline of a city after a helicopter ride. • Kim Peek, prodigious savant and inspiration for the character Raymond Babbitt, played by Dustin Hoffman in the film Rain Man. • Daniel Tammet, holder of the European record for reciting Pi to 22,514 digits

  12. Project Runway moment • Unconventional materials challenge (must create new techniques) • Let the fabric speak to you (use the strengths of the material) • Don’t over-design (nature seeks the simplest path) • More complicated <> more secure • Harder to use <> more secure • Make it WORK! (good security now)

  13. Cued-recall Location-based User Entry (CLUE) • Provide password/userid hints for commonly used Internet sites requiring authentication. • Security settings are based on GPS location. • Risk varies by location. • More security than needed consumes constrained resources. • Security is a tradeoff between risk and vulnerability.

  14. Security mode

  15. Home screen mockup: "Welcome to CLUE" header with current GPS security mode, home location (LOCN) and logo; menu of websites by category; carousel slider of the most recently used sites (favorite websites, most recent by default); footer with Recent #1 – Recent #4; pop-up toolbar with commands: Set LOCN, Add Site, Add Category, Help.

  16. Use Case 1 – User knows userid and password. Flowchart nodes: choose a recent site (Home, Work or Public URL link); userid; userid hint; success in site access.

  17. Use Case 2 – User knows userid and not password. Flowchart nodes: choose site (Home, Work or Public URL link); userid; userid hint; hint cues password recall (YES/NO); UID cues password recall (YES/NO); external recovery process, recovered (YES/NO); success in site access; fail.

  18. Use Case 3 – User knows neither userid nor password. Flowchart nodes: choose site (Home, Work or Public URL link); userid; userid hint; UID cues password recall (YES/NO); hint cues password recall (YES/NO); external recovery process, recovered (YES/NO); success in site access; fail.

  19. Use Case 4 – User knows password and not userid. Flowchart nodes: choose site (Home, Work or Public URL link); userid; userid hint; external recovery process, recovered (YES/NO); success in site access; fail.

  20. External Recovery process. Flowchart nodes: click recovery link; provide identifying information; correct ID info (YES/NO); receive recovery information; provide recovered UID or PW; reset required (YES/NO); use recovery info to attempt authentication reset; reset success (YES/NO); repeat reset; exit.
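As an added example (not code from the presentation or from the CLUE project), the following Python model ties slides 13 and 16–20 together: a GPS fix is mapped to a security mode, the mode decides which stored cues the screen may reveal, and the four use cases reduce to one decision function. The zone coordinates, radii, the per-mode cue policy, the cue vault and the flag names `cue_recalls_userid`/`cue_recalls_password` are all constructed assumptions; the deck does not specify any of them.

```python
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt


@dataclass(frozen=True)
class Zone:
    """A registered location (the 'Set LOCN' command): centre and radius in metres."""
    name: str
    lat: float
    lon: float
    radius_m: float


# Constructed sample zones; a real app would let the user register these.
ZONES = [
    Zone("home", 40.7128, -74.0060, 150.0),
    Zone("work", 40.7484, -73.9857, 200.0),
]

# Hypothetical cue policy per security mode (an assumption, not the deck's
# policy): the riskier the location, the fewer cues the screen reveals.
POLICY = {
    "home":   {"userid_hint": True,  "password_cue": True},
    "work":   {"userid_hint": True,  "password_cue": False},
    "public": {"userid_hint": False, "password_cue": False},
}

# Constructed cue vault. It holds prompts the user chose, never the
# credentials themselves, so a lost phone leaks reminders, not secrets.
VAULT = {
    "bank": {"userid_hint": "first pet + birth year", "password_cue": "the lake cabin phrase"},
    "mail": {"userid_hint": "work address style", "password_cue": None},
}


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two WGS84 points."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371000.0 * asin(sqrt(a))


def security_mode(lat, lon, zones=ZONES):
    """Map a GPS fix to a mode: the nearest zone whose radius contains the
    fix, otherwise 'public', the fail-safe default when nothing matches."""
    best = None
    for z in zones:
        d = haversine_m(lat, lon, z.lat, z.lon)
        if d <= z.radius_m and (best is None or d < best[0]):
            best = (d, z.name)
    return best[1] if best else "public"


def cues_for(site, mode, vault=VAULT):
    """Return the cues the screen may show for `site` in `mode`; suppressed
    cues come back as None so a caller cannot display them by accident."""
    stored = vault.get(site, {})
    allowed = POLICY[mode]
    return {
        kind: (stored.get(kind) if allowed[kind] else None)
        for kind in ("userid_hint", "password_cue")
    }


def login_flow(knows_userid, knows_password, cues,
               cue_recalls_userid=False, cue_recalls_password=False):
    """Outcome of use cases 1-4. The two `cue_recalls_*` flags stand in for
    the user's memory succeeding on a shown cue; a cue the mode suppressed
    (None) can never help, which routes the user to external recovery."""
    userid_ok = knows_userid or (cues["userid_hint"] is not None and cue_recalls_userid)
    if not userid_ok:
        return "external_recovery"
    password_ok = knows_password or (cues["password_cue"] is not None and cue_recalls_password)
    if not password_ok:
        return "external_recovery"
    return "success"


if __name__ == "__main__":
    fix = (40.7130, -74.0058)   # constructed fix about 30 m from the "home" zone
    mode = security_mode(*fix)
    cues = cues_for("bank", mode)
    print(mode, cues, login_flow(True, False, cues, cue_recalls_password=True))
```

The design choice worth noticing is that location only ever narrows what is shown: an unmatched fix degrades to the public mode rather than to the most permissive one, and the vault stores cues rather than credentials, so the tradeoff in slide 13 is made at display time without a larger secret to protect.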

  21. Measures

  22. Standardized User Survey (SUS) • Compare data gathered from actual usage with user subjective assessment

  23. Measuring Security-Usability of Mobile Devices as Energy: Conservation of energy in human-computer interfaces (poster)
  • The Challenge of Security HCI: Security is not the primary objective of the user. All energy spent navigating security detracts from primary use.
  • Research Problem: Usability is measured by user response, which makes quantifying the result problematic. Perceiving usability as energy conserved could provide a quantified measure.
  • Research Questions: What significant components make up the energy expended by the user to navigate the security interface on a mobile device? Can the user assessment of usability of a security interface on a mobile device be predicted by measuring whether user energy is conserved?
  • Hypotheses: H0 – There are no significant components to the security interface of a mobile device that expend user energy. H1 – Conserving power is a significant component. H2 – Conserving form factor manipulation is a significant component. H3 – Conserving user cognitive effort is a significant component. H4 – Conserving the user energy expended will have no impact on the user assessment of usability.
  • Finding the simplest path: Nature seeks the simplest path (Lagrange, Einstein, Kelvin); L = T – V. Measure something to know it.
  • Diagram labels: Thermodynamics (engine); Desired usage; Security Usability; Energy Conversion Device; Power; User; Form; Security Effort Factors; Interface; Energy Input; Security; Desired use of app.
  • Research Method: Survey on Amazon Turk to validate which components users find significant energy expenditure; experiment with an instrumented security interface that tracks where energy is expended for significant components; Standardized User Survey (SUS) to assess the level of user satisfaction with the interfaces where energy is conserved.
  • Key References: Gebauer, J., Kline, D. M., & He, L. (2011). Password Security Risk versus Effort: An Exploratory Study on User-Perceived Risk and the Intention to Use Online Applications. Journal of Information Systems Applied Research, 4(2), 52-62. Ben-Naim, A. (2010). Discover Entropy and the Second Law of Thermodynamics: A Playful Way of Discovering a Law of Nature. World Scientific Publishing Co., Inc.

  24. Got Feedback? • Questions – see me at the Systers lunch or the party Thursday. www.ann-mariehorcher.com • Rate and review the session using the GHC Mobile App. To download, visit www.gracehopper.org
