A field study of user behavior and perceptions in smartcard authentication

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 6949 LNCS, Issue PART 4, 2011, Pages 1-17

  Paul, Celeste Lyn ^a   Morse, Emile ^b   Zhang, Aiping ^b   Choong, Yee Yin ^b   Theofanos, Mary ^b  

^a UNIVERSITY OF MARYLAND BALTIMORE COUNTY   (United States)

^b NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY   (United States)

Author keywords

Human factors; multi factor authentication; security; smartcard

Indexed keywords

AUTHENTICATION SYSTEMS; ETHNOGRAPHIC METHODS; FIELD OBSERVATIONS; FIELD STUDIES; MULTI-FACTOR AUTHENTICATION; PERCEIVED BENEFITS; SECURITY; USER BEHAVIORS; WORK PROCESS; POSITIVE EXPERIENCES;

AUTHENTICATION; HUMAN COMPUTER INTERACTION; HUMAN ENGINEERING; NETWORK SECURITY; SMART CARDS; BEHAVIORAL RESEARCH;

BEHAVIORAL RESEARCH; HUMAN COMPUTER INTERACTION;

EID: 80052797960     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-23768-3_1     Document Type: Conference Paper

References (26)

1. Arora, S.: National e-ID card schemes: A European overview. Information Security Technical Report 13(2), 46-53 (2008)
2. Aussel, J.: Smartcards and Digital Security. Computer Network Security 1, 42-56 (2007)
3. Baldwin, M. K., Malone, B. M.: Utilizing Smart Cards for Authentication and Compliance Tracking in a Diabetes Case Management System. In: Proceedings of ACM Conference on Software Engineering, pp. 521-522 (2008)
4. Brainard, J., Juels, A., Rivest, R. L., Szydlo, M., Yung, M.: Fourth-Factor Authentication: Somebody You Know. In: Proceedings of ACM CCS, pp. 168-178 y (2006)
5. Braz, C., Robert, J. M.: Security and Usability: The Case of the User Authentication Methods. In: Proceedings of d'Interaction Homme-Machine, pp. 199-203 (2006)
6. Florencio, D., Herley, C.: A large-scale study of web password habits. In: Proceedings of ACM Conference on the World Wide Web, pp. 657-666 (2007)
7. Herley, C.: So Long and No Thanks for the Externalities: The Rational Rejection of Security Advice by Users. In: Proceedings of New Security Perspectives Workshop 2009 (2009)
8. Identity, Credential and Access Management Subcommittee.: The Realized Value of the Federal Public Key Infrastructure (FPKI) v1.0.0. January 29 (2010), http://www.idmanagement.gov
9. Information Technology Sector Coordinating Council.: Response to White House Cyber Review Questions. ITSCC March 20 (2009), http://www.it-scc.org/ documents/itscc/ ITSCCandCommunicationsSCCJointResponsetotheWhiteHouseCyberspacePolicyReview-3- 20-2009.pdf
10. Inglesant, P. G., Sasse, M. A.: The true cost of unusable password policies: password use in the wild. In: Proceedings of ACM Conference on Computer-Human Interaction, pp. 383-392 (2010)
11. Irwin, C. S., Taylor, D. C.: Identity, Credential, and Access Management at NASA, from Zachman to Attributes. In: Proceedings of IDtrust 2009, pp. 1-14 (2009)
12. Jakobsson, M., Shi, E., Golle, P., Chow, R.: Implicit Authentication for Mobile Devices. In: Proceedings of USENIX Workshop on HotSec (2009)
13. Karger, P. A.: Privacy and Security Threat Analysis of the Federal Employee Personal Identity Verification (PIV) Program. In: Proceedings of the Symposium on Usable Privacy and Security 2006, pp. 114-121 (2006)
14. Murdoch, S. J., Drimer, S., Anderson, R., Bond, M.: Chip and PIN is Broken. In: Proceedings of IEEE Symposium on Security & Privacy 2010, pp. 433-446 (2010)
15. National Institute of Standards and Technology: Personal identity verification (PIV) for federal employees and contractors. FIPS PUB 201-1 (2006)
16. O'Gorman, L.: Comparing Passwords, Tokens, and Biometrics for User Authentication. Proc. IEEE 91(12), 2019-2040 (2003)
17. Proctor, R. W., Lien, M. C., Salvendy, G., Schultz, E. E.: A Task Analysis of Usability in Third-Party Authentication. Information Security Bulletin 5(3), 49-56 (2000)
18. Sasse, M. A., Brostoff, S., Weirich, D.: Transforming the 'weakest link' - a human/computer interaction approach to usable and effective security. BT Technology Journal 19(3), 122-131 (2001)
19. Sasse, M. A.: Usability and Trust in Information Systems. In: Cyber Trust & Crime Prevention Project. University College, London (2004)
20. Schechter, S. E., Dhamija, R., Ozment, A., Fischer, I.: The Emperor's New Security Indicators. In: Proceedings of IEEE Symposium on Security & Privacy 2007, pp. 51-65 (2007)
21. Schechter, S., Egelman, S., Reeder, R. W.: It's not what you know, but who you know: a social approach to last-resort authentication. In: Proc. ACM CHI 2009, pp. 1983-1992 (2009)
22. Strouble, D. D., Schechtman, G. M., Alsop, A. S.: Productivity and Usability Effects of Using a Two-Factor Security System. In: Proceedings of SAIS, pp. 196-201 (2009)
23. Summers, W. C., Bosworth, E.: Password policy: the good, the bad, and the ugly. In: Proceedings of WISICT 2004, pp. 1-6 (2004)
24. U. S. Department of Homeland Security: Policy for a common identification standard for federal employees and contractors. Homeland Security Presidential Directive HSPD-12, August 27 (2004)
25. U. S. Department of State: Cost/Benefit Comparison between PKI/BLADE and Passwordbased Authentication v1.0, July 2010 (2010), Point of contact, Steven Gregory, gregoryse@state.gov
26. Weir, C. S., Douglas, G., Richardson, T., Jack, M.: Usable security: User preferences for authentication methods in eBanking and the effects of experience. Interacting with Computers 22(3), 153-164 (2010)