Category Archives: mental models of security

What Affected the Adoption of Information Tracking Solutions During COVID-19 Pandemic

Numerous information-tracking solutions have been implemented worldwide to fight the COVID-19 pandemic. While prior work has heavily explored the factors affecting people’s willingness to adopt contact tracing solutions, numerous countries have implemented other information tracking solutions that use more and more sensitive data.


Why Mobile Crypto-Wallets Are Hard to Use

Over the past years, the cryptocurrency domain has grown substantially. The corresponding user base has also changed significantly and is no longer only made up of cypherpunks and computer experts as was the case in the early days of Bitcoin. Managing these cryptocurrencies, however, has been found to be challenging for the users and it remains largely unknown what features of current wallets contribute to the poor UX, why, and to what extent. Artemij Voskobojnikov, PhD candidate in my research group, has led a collaboration with Freie Universität Berlin researchers that investigated this exact question.


On Smartphone Users’ Difficulty with Understanding Implicit Authentication

Implicit authentication (IA) has recently become a popular approach for providing physical security on smartphones. It relies on behavioral traits (e.g., gait patterns) for user identification, instead of biometric data or knowledge of a passcode. However, it is not yet known whether users can understand the semantics of this technology well enough to use it properly.


Is Implicit Authentication on Smartphones Really Popular?


Implicit authentication (IA) on smartphones leverages behavioral and contextual data to identify users without requiring explicit input, and thus can alleviate the burden of smartphone unlocking. In a collaboration with Samsung Research, Masoud Mehrabi Koushki, a PhD candidate in my research group, has led an exploration of how smartphone users would perceive a commercialized IA scheme in a realistic setting.


On the Challenges of Designing Online Systems for Reporting Sexual Assault

According to the US Department of Justice, every 73 seconds, an American is sexually assaulted. However, sexual assault is under-reported. Globally, 95% of sexual assault cases are unreported, and at most, 5 out of every 1,000 perpetrators end up in prison. Online anonymous third-party reporting systems are being developed to encourage reporting of sexual assaults and to apprehend serial offenders.


“Amazon vs. My Brother” Receives an Honourable Mention Award

A paper co-authored by my PhD students Yue Huang and Borke Obada-Obieh has received an Honourable Mention award at CHI 2020. Such awards are given to the top 2-6% of submissions.

Yue and Borke spoke to 26 Canadian adults who used shared smart speakers at home, including Amazon Echo, Google Home and Apple HomePod. We found that participants not only worried about keeping their data safe from the manufacturer or other entities; they also feared potential misuse of the device by people they actually live with and know.


Smartphone Users’ Family, Friends, and Other Enemies

The number of smartphone users worldwide was expected to surpass 2 billion in 2016. To protect personal and other sensitive information from unauthorized access, some smartphone users lock their phones. Yet, others don’t, risking the data and online services accessible through their devices. The risks emanate from both device thieves and those who belong to the users’ social circles, so-called social insiders. In 2014, 2.1 million Americans (under 2%) had phones stolen.

Investigation of Phishing Avoidance

This paper reports on the design and development of a mobile game prototype as an educational tool helping computer users to protect themselves against phishing attacks. The elements of a game design framework for avoiding phishing attacks were used to address the game design issues. Our mobile game design aimed to enhance the users’ avoidance behaviour through motivation to protect themselves against phishing threats.

San-Tsai Sun defends his Ph.D. dissertation on Web Single Sign-On Systems and graduates

My Ph.D. student San-Tsai Sun has successfully defended and submitted the final version of his thesis “Towards Improving the Usability and Security of Web Single Sign-On Systems.” He’s moving back to industry, where he will be applying his expertise in web security to real-world systems. Congratulations to San-Tsai on a very successful completion of the Ph.D. program, with many quality publications.

Towards Usable Web Single Sign-On

Steps for SSO user experience with the proposed IDeB browser

OpenID is an open and promising Web single sign-on (SSO) solution. The research led by my Ph.D. student San-Tsai Sun investigates the challenges and concerns web users face when using OpenID for authentication, and identifies what changes in the login flow could improve the users’ experience and adoption incentives.