A usability study and critique of two password managers

15th USENIX Security Symposium

Volumn , Issue , 2006, Pages 1-16

  Chiasson, Sonia ^a   van Oorschot, P C ^a   Biddle, Robert ^a  

^a CARLETON UNIVERSITY   (Canada)

Author keywords

[No Author keywords available]

Indexed keywords

AUTHENTICATION; MANAGERS;

MENTAL MODEL; PASSWORD MANAGERS; PROTECTION MECHANISMS; USABILITY PROBLEMS; USABILITY STUDIES;

USABILITY ENGINEERING;

EID: 80052801173     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (34)

1. A. Adams and M.A. Sasse. Users are not the enemy. Comm. of the ACM, 42(12):41–46, 1999.
2. R. Anderson. Why cryptosystems fail. In Proceedings of the 1st ACM Conference on Computer and Communications Security., December 1993.
3. J.M. Carroll, P.L. Smith-Kerker, J.R. Ford, and S.A. Mazur-Rimetz. The minimal manual. Human-Computer Interaction, 3:123–153, 1987-1988.
4. L.F. Cranor and S. Garfinkel. Security and Usability: Designing Systems that People Can Use. O’Reilly Media, edited collection edition, 2005.
5. D. Davis. Compliance defects in public key cryptography. In Proceedings of the 6th USENIX Security Symposium, July 1996.
6. D. Davis, F. Monrose, and M. Reiter. On user choice in graphical password schemes. In Proceedings of the 13th USENIX Security Symposium, August 2004.
7. R. DePaula, X. Ding, P. Dourish, K. Nies, B. Pillet, D. Redmiles, J. Ren, J. Rode, and R. Silva Filho. Two experiences designing for effective security. In First Symposium on Usable Privacy and Security (SOUPS 2005), Pittsburgh, July 2005.
8. R. Dhamija and A. Perrig. Déjà Vu: A User Study Using Images for Authentication. In Proceedings of the 9th USENIX Security Symposium, 2000.
9. L. Faulkner. Beyond the five-user assumption: Benefits of increased sample sizes in usability testing. Behavior Research Methods, Instruments, & Computers, 35(3):379–383, 2003.
10. S.L. Garfinkel and R.C. Miller. Johnny 2: A User Test of Key Continuity Management with S/MIME and Outlook Express. In First Symposium on Usable Privacy and Security (SOUPS 2005), Pittsburgh, July 2005.
11. J. Halderman, B. Waters, and E. Felten. A convenient method for securely managing passwords. In Proceedings of the 14th International World Wide Web Conference, 2005.
12. J. Alex Halderman. Password Multiplier web site, www.cs.princeton.edu/~jhalderm/projects/password/, accessed January 2006.
13. A. Karp. Site-specific passwords. Technical report, Hewlett-Packard Laboratories, January 2002.
14. J. LaPoutre. Password Composer web site, http://www.xs4all.nl/~jlpoutre/BoT/Javascript/, accessed January 2006.
15. Password Maker web site, http://passwordmaker.org/, accessed January 2006.
16. R. Likert. A technique for the measurement of attitudes. Archives of Psychology, 140, June 1932.
17. B. Myers. Why are human-computer interfaces difficult to design and implement? Technical Report CMU-CS-93-183, Carnegie Mellon University, Department of Computer Science, 1993.
18. J. Nielsen. Usability Engineering. Boston: AP Professional, 1993.
19. J. Nielsen and R.L. Mack. Usability Inspection Methods. John Wiley & Sons, Inc, 1994.
20. D.A. Norman. Cognitive engineering. In D.A. Norman and S.W. Draper, editors, User Centered System Design: New Perspectives on Human-Computer Interaction, chapter 3, pages 31–62. Lawrence Erlbaum Associates, Publishers: Hillsdale, NJ, 1986.
21. D.A. Norman. The Design of Everyday Things. Basic Books, 1988.
22. C. Perfetti and L. Landesman. Eight is not enough. User Interface Engineering, 2001.
23. K. Renaud. Evaluating Authentication Mechanisms. In L.F Cranor and S. Garfinkel, editors, Security and Usability, chapter 6, pages 103–128. O’Reilly Media, 2005.
24. B. Ross, C. Jackson, N. Miyake, D. Boneh, and J. Mitchell. Stronger password authentication using browser extensions. In Proceedings of the 14th USENIX Security Symposium, Baltimore, August 2005.
25. J.H. Saltzer and M.D. Schroeder. The protection of information in computer systems. Proceedings of the IEEE, 63(9):1278–1308, 1975.
26. M.A Sasse and I. Flechais. Usable Security: Why do we need it? How do we get it? In L.F. Cranor and S. Garfinkel, editors, Security and Usability, chapter 2, pages 13–30. O’Reilly Media, 2005.
27. B. Shneiderman. Designing the User Interface. Addison Wesley, 3rd edition, 1998.
28. J. Spool and W. Schroeder. Testing web sites: Five users is nowhere near enough. In Proceedings of ACM Conference on Human Factors in Computing Systems (CHI 2001), 2001.
29. R.A. Virzi. Refining the test phase of usability evaluation: How many subjects is enough? Human Factors, 34:457–468, 1992.
30. D. Weinshall. Cognitive Authentication Schemes Safe Against Spyware (Short Paper). In Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 2006.
31. A. Whitten and J.D. Tygar. Why Johnny Can’t Encrypt: A Usability Evaluation of PGP 5.0. In Proceedings of the 8th USENIX Security Symposium, Washington, D.C., August 1999.
32. S. Wiedenbeck, J. Waters, J.-C. Birget, A. Broditskiy, and N. Memon. Authentication Using Graphical Passwords: Effects of Tolerance and Image Choice. In First Symposium on Usable Privacy and Security (SOUPS 2005), Pittsburgh, July 2005.
33. N. Wolff. Password Generator web site, http://angel.net/~nic/, accessed January 2006.
34. M.E. Zurko and Richard T. Simon. User-centered security. In Proceedings of the 1996 New Security Paradigms Workshop, pages 27–33, Lake Arrowhead, CA USA, 1996. ACM.