Codes v. People: A Comparative Usability Study of Two Password Recovery Mechanisms

Abstract: Password recovery is a critical, and often overlooked, requirement of account management. Currently popular solutions, such as security questions and out-of-band communications, have recognized security and usability issues. In this paper we evaluate two alternate recovery solutions considered by our industrial partner, using backup codes and trusted people, in order to determine their suitability as a viable password recovery solution. In this paper we focus on the usability evaluation of these two representative recovery methods, and not on the specifics of their design – while our evaluation results do indirectly point to general design enhancements. Our study determined that participants felt that backup codes (implemented as a QR-code in our solution) offer levels of usability and security that are acceptable to users for securing their “ordinary” accounts. For accounts perceived to require more security (e.g., online banking) more security was preferred by participants, resulting in a preference for trusted party recovery compared to backup codes. Our results also suggest that further research and deployment considerations should be given to options for other methods of password recovery, such as backup codes and trusted parties. (Full details and paper supplementary materials can be found at http://crcs.cz/papers/wistp2016.)
Document type: Conference paper
Sara Foresti; Javier Lopez. 10th IFIP International Conference on Information Security Theory and Practice (WISTP), Sep 2016, Heraklion, Greece. Springer International Publishing, Lecture Notes in Computer Science, LNCS-9895, pp.35-50, 2016, Information Security Theory and Practice. 〈10.1007/978-3-319-45931-8_3〉

Cited literature: 23 references

https://hal.inria.fr/hal-01639601
Contributor: Hal Ifip
Submitted on: Monday, 20 November 2017 - 14:53:32
Last modified on: Monday, 20 November 2017 - 14:56:13
Document(s) archived on: Wednesday, 21 February 2018 - 13:51:03

File

Restricted access
File visible on: 2019-01-01


License

Distributed under a Creative Commons Attribution 4.0 International License


Citation

Vlasta Stavova, Vashek Matyas, Mike Just. Codes v. People: A Comparative Usability Study of Two Password Recovery Mechanisms. Sara Foresti; Javier Lopez. 10th IFIP International Conference on Information Security Theory and Practice (WISTP), Sep 2016, Heraklion, Greece. Springer International Publishing, Lecture Notes in Computer Science, LNCS-9895, pp.35-50, 2016, Information Security Theory and Practice. 〈10.1007/978-3-319-45931-8_3〉. 〈hal-01639601〉
