The seven flaws of identity management: Usability and security challenges

IEEE Security and Privacy

Volumn 6, Issue 2, 2008, Pages 24-29

  Dhamija, Rachna ^a   Dusseault, Lisa ^b  

^a HARVARD UNIVERSITY   (United States)

^b CommerceNet ^*

Author keywords

Identity management; Privacy; Usability

Indexed keywords

IDENTITY MANAGEMENT; INFORMATION LEAKAGE;

COST ACCOUNTING; PROBLEM SOLVING; SECURITY OF DATA; USABILITY ENGINEERING;

COMPUTER SYSTEM FIREWALLS;

EID: 41949139623     PISSN: 15407993     EISSN: None     Source Type: Journal    
DOI: 10.1109/MSP.2008.49     Document Type: Article

References (20)

1. A. Acquisti and J. Grossklags, "Privacy and Rationality in Decision Making," IEEE Security & Privacy, vol. 3, no. 1, 2005, pp. 26-33.
2. B. Fitzpatrick and D. Recordou, "Thoughts on the Social Graph;" http://bradfitz.coin/social-graph-problem/.
3. A. Adams and M.A. Sasse, "Users Are Not the Enemy: Why Users Compromise Security Mechanisms and How to Take Remedial Measures," Comm. ACM, vol. 42, no. 12, 1999, pp. 40-46.
4. R. Dhamija, J.D. Tygar, and M. Hearst, "Why Phishing Works," Proc. Conf. Human Factors in Computing Systems (CHI 06), ACM Press, 2006, pp. 581-590.
5. McAfee-NCSA Online Safety Study, Oct. 2007; www.staysafeonline.info/news/ ainericanslackprotection.html.
6. AOL/NCSA Online Safety Study, Dec. 2005; www.staysafeonline.info/pdf/ safety_study_2005.pdf.
7. D. Florencio and C. Herley, "A Large Scale Study of Web Password Habits," Proc. Int'l Word Wide Web Conf. (WWW 07), ACM Press, 2007, pp. 657-665.
8. R. Dhamija and A. Perrig, "Déjà Vu: A User Study-Using Images for Authentication," Proc. 9th Usenix Security Symp., Usenix Assoc., 2000, pp. 45-58.
9. B.M. Gross and E.F. Churchill, "Addressing Constraints: Multiple Usernames Task Spillage and Notions of Identity," Proc. Conf. Human Factors in Computing Systems: Extended Abstracts (CHI 07), ACM Press, 2007, pp. 2393-2398.
10. K. Cameron, "Laws of Identity," blog, May 2005; w w.identityblog.com/stories/2004/12/09/thelaws.html.
11. E. Maler, "r-e-s-p-e-c-t," blog, 19 June 2006; www.xinlgrrl.com/blog/archives/2006/06/19/r-e-s-p-e-c-t/.
12. N. Good et al., "Stopping Spyware at the Gate: A User Study of Privacy, Notice, and Spyware," Proc. Symp. Usable Privacy and Security (SOUPS 05), ACM Press, 2005, pp. 43-52.
13. J. Grossklags and N. Good, "Empirical Studies on Software Notices to Inform Policy Makers and Usability Designers," Proc. Usable Security (USEC 07), Lecture Notes in Computer Science, Springer, 2007.
14. M.S. Wogalter and W.J. Vigilante, "Attention Switch and Maintenance," Handbook of Warnings, M.S. Wogalter, ed., Lawrence Erlbaum Assoc., 2006, pp. 245-265.
15. D.A. Norman, Design Rules Based on Analyses of Human Error," Comm. ACM, vol. 26, no. 4, 1983, pp. 254-258.
16. B. Schwartz, "The Tyranny of Choice," Scientific Am., Apr. 2004, pp. 71-75.
17. S. Schechteret al., "The Emperor's New Security Indicators," Proc. IEEE Symp. Security and Privacy, IEEE CS Press, 2007, pp. 51-65.
18. J. Franks, et al., "RFC2617: HTTP Authentication: Basic and Digest Access Authentication," June 1999; www.ietf.org/rfc/rfc2617.txt.
19. Privacy Rights Clearinghouse, Chronology of Data Breaches, www.privacyrights.org/ar/ChronDataBreaches.htm.
20. R. Stern, "What Happened in Vegas...," Phoenix New Times, 31 May 2007; www.phoenixnewtimes.com/2007-05-31/news/what-happened- in-vegas/full.