Category Archives: usable security

The Burden of Ending Online Account Sharing

Many people share online accounts, even in situations where high privacy and security are expected. As with everything in life, the sharing of these accounts does not endure forever. In a study conducted by my PhD students Borke Obada-Obieh and Yue Huang, we investigated the privacy and security challenges that people experience when they stop online account sharing.


“Amazon vs. My Brother” Receives a Honourable Mention Award

A paper co-authored by my PhD students Yue Huang and Borke Obada-Obieh has received an Honourable Mention award at CHI 2020. Such awards are given to the top 2-6% of submissions.

Yue and Borke spoke to 26 Canadian adults who used shared smart speakers at home, including Amazon Echo, Google Home and Apple HomePod. We found that participants not only worried about keeping their data safe from the manufacturer or other entities; they also feared potential misuse of the device by people they actually live with and know.


Age and Smartphone Authentication

Nobody wants to spend time unlocking their phone, particularly when it happens some 50 times a day. This is why both industry and academia have been figuring out how to minimize this unwanted overhead while still keeping smartphone users secure. To improve the technology, developers need to understand exactly how users use it, what works and what does not, and what the patterns of users’ behaviour with the technology are. This is the knowledge gap that LERSSE alumna Lina Qiu was working on addressing in her Master’s thesis research. Her research investigated the interplay between age and smartphone authentication behaviour.


Understanding the Risks and Prevention

I will be on a panel on “Understanding the Risks and Prevention” at Cyber Security Forum, organized by the Greater Vancouver Board of Trade on October 20.

WannaCry: A Case Study for the Multitude of Cybersecurity Dimensions

I was recently asked to speak to the media about WannaCry. While preparing for the interview (see the video below), I realized that this particular case is a good illustration of the various dimensions of cybersecurity:

Smartphone Users’ Family, Friends, and Other Enemies

The number of smartphone users worldwide was expected to surpass 2 billion in 2016. To protect personal and other sensitive information from unauthorized access, some smartphone users lock their phones. Yet others don’t, risking the data and online services accessible through their devices. The risks emanate from both device thieves and those who belong to the users’ social circles, so-called social insiders. In 2014, 2.1 million Americans (under 2%) had phones stolen.

“I Don’t Use Apple Pay Because It’s Less Secure …”

This paper reports on why people use, do not use, or have stopped using mobile tap-and-pay in stores. The results of our online survey with 349 Apple Pay and 511 Android Pay participants suggest that the top reason for using mobile tap-and-pay is usability. Surprisingly, for non-users of Apple Pay, security was their biggest concern. A common security misconception we found among the non-users who stated security as their biggest concern was that they felt storing card information on their phones is less secure than physically carrying cards in their wallets.

Social Insider Attacks on Facebook

Facebook accounts are secured against unauthorized access through passwords and device-level security. Those defenses, however, may not be sufficient to prevent social insider attacks, where attackers know their victims and gain access to a victim’s account by interacting directly with their device. To characterize these attacks, we ran two MTurk studies. In the first study …

“I’m too Busy to Reset my LinkedIn Password”

A common security practice for dealing with a password breach is locking user accounts and sending out an email telling users that they need to reset their password to unlock their account. This paper evaluates the effectiveness of this practice based on the password reset email that LinkedIn sent out around May 2016, and on an online survey of 249 LinkedIn users who received that email. Our evaluation shows that only about 46% of the participants reset their passwords.


Investigation of Phishing Avoidance

This paper reports on the design and development of a mobile game prototype as an educational tool that helps computer users protect themselves against phishing attacks. The elements of a game design framework for avoiding phishing attacks were used to address the game design issues. Our mobile game design aimed to enhance users’ avoidance behaviour by motivating them to protect themselves against phishing threats.