Category Archives: usable security
Two Ph.D. student vacancies
There are two Ph.D. student positions available at my research group LERSSE. Ph.D. students are accepted with full support in the form of research assistantships and positions are available for starting in September 2012. Application deadline is December 1!
Towards Usable Web Single Sign-On
OpenID is an open and promising Web single sign-on (SSO) solution. The research led by my Ph.D. student San-Tsai Sun investigates the challenges and concerns web users face when using OpenID for authentication, and identifies what changes in the login … Continue reading
The Lab Study Troubles
Can real behavior of users, when it comes to security decisions, be observed in lab studies? A recent paper from my research group sheds light on this question. Initially, our goal was quite different. We replicated and extended a 2008 … Continue reading
Comments Off
Filed under usable security
Can Metaphors of Physiscal Security Work for Computers?
There is evidence that the communication of security risks to home computer users has been unsuccessful. Prior research has found that users do not heed risk communications, that they do not read security warning texts, and that they ignore them. … Continue reading
Heuristics for Evaluating IT Security Management Tools
The usability of IT security management (ITSM) tools is hard to evaluate by regular methods, making heuristic evaluation attractive. However, standard usability heuristics (e.g., Nielsen’s) are hard to apply, as IT security management occurs within a complex and collaborative context … Continue reading
Have users signed up?
I participated in a panel “Password Managers, Single Sign-On, Federated ID: Have users signed up?” at Workshop on The Future of User Authentication and Authorization on the Web: Challenges in Current Practice, New Threats, and Research Directions, which was collocated … Continue reading
Is OpenID too Open? Technical, Business, and Human Issues That Get in the Way of OpenID and Ways of Addressing Them
The web is essential for business and personal activities well beyond information retrieval, such online banking, financial transactions, and payment authorization, but reliable user authentication remains a challenge. OpenID is a mainstream Web single sign-on (SSO) solution intended for Internet-scale … Continue reading
CHI Work in Progress to Feature LERSSE Research
This year, in Vancouver, Work In Progress Posters session of SIG CHI Conference will feature three research projects of my graduate students.
Undergrad Security Course Features Cool Projects
Students in my undergraduate computer security course had done several excellent projects. You can watch video clips of the projects or read reports.
Filed under human factos in security, other, usable security, web security
Lessons learned from studying users’ mental models of security
I gave a talk at Microsoft Research on user mental models of security. Continue reading
Filed under mental models of security, usable security, web security
