Search results

1 – 10 of over 1000
Article
Publication date: 6 June 2019

Jeffrey P. Kaleta, Jong Seok Lee and Sungjin Yoo

Abstract

Purpose

The purpose of this paper is to focus on a potential tradeoff between security and usability in people’s use of online passwords – in general, complex passwords are secure and desirable but difficult to use (i.e. difficult to memorize) whereas simple passwords are easy to use, but are insecure and undesirable. Construal level theory (CLT) explains how high vs low construal level causes people to focus on “desirability” vs “feasibility” of an action, which in the research context can translate into the “security” vs “usability” of using passwords.

Design/methodology/approach

The authors conducted a series of three laboratory experiments manipulating people’s construal level and investigating its impact on password use.

Findings

The authors found that people who were induced to think at a high construal level created or showed intention to choose stronger passwords relative to people who were induced to think at a low construal level. Furthermore, this effect was also significantly different from the control group who did not receive any experimental treatment. In addition, the authors found that perspective taking targeted at the desirability of creating a strong password further strengthened the effect of a high construal level on intended password choice.

Originality/value

This research makes several contributions to existing literature on password security. First, this research offers CLT as a theoretical lens to explain an individual’s thinking and behavior concerning online password use. Second, this research offers empirical evidence that a high construal level improves users’ password use, a desirable feature for improved security. Third, this research contributes to the literature on how to apply nudging to influence human behavior toward more desirable, stronger, password use. Finally, our research identifies PT as a factor enhancing the positive effect of a high construal level on online users’ password use.

Article
Publication date: 23 August 2022

Crystal T. Lee and Ling-Yen Pan

Abstract

Purpose

Sellers view facial recognition mobile payment services (FRMPS) as a convenient and cost-saving way to receive immediate payments from customers. For consumers, however, these biometric identification technologies raise issues of usability as well as privacy, so FRMPS are not always preferable. This study uses the stressor–strain–outcome (S–S–O) framework to illuminate the underlying mechanism of FRMPS resistance, thereby addressing the paucity of research on users' negative attitudes toward FRMPS.

Design/methodology/approach

Drawing from the stressor–strain–outcome (S–S–O) framework, the purpose of this study is to illuminate the underlying mechanism of FRMPS resistance. To this end, they invited 566 password authentication users who had refused to use FRMPS to complete online survey questionnaires.

Findings

The findings enrich the understanding of FRMPS resistance and show that stressors (i.e. system feature overload, information overload, technological uncertainty, privacy concern and perceived risk) aggravate the strain (i.e. technostress), which then leads to users’ resistance behaviors and negative word of mouth.

Originality/value

Advances in payment methods have profoundly changed consumers’ consumption and payment habits. Understanding FRMPS resistance can provide marketers with strategies for dealing with this negative impact. This study theoretically confirms the S–S–O paradigm in the FRMPS setting and advances it by proposing thorough explanations of the major stressors that consumers face. Building on their findings, the authors suggest ways service providers can eliminate the stressors, thereby reducing consumers’ fear and preventing resistance or negative word-of-mouth behaviors. This study has valuable implications for both scholars and practitioners.

Details

Journal of Services Marketing, vol. 37 no. 3
Type: Research Article
ISSN: 0887-6045

Article
Publication date: 9 December 2022

Christian Meske, Ireti Amojo and Christoph Müller

Abstract

Purpose

Online flight booking websites compare airfares, convenience and other consumer relevant attributes. Environmental concerns are typically not addressed, even though aviation is the most emission-intensive mode of transportation. This article demonstrates the potential for digital nudges to facilitate more environmentally friendly decision-making on online flight booking websites.

Design/methodology/approach

The authors used the digital nudging design process to implement two nudging interventions in an experimental setting on a fictitious flight booking website. The two nudging interventions are (1) an informational nudge, presented as an emission label, and (2) an understanding mapping nudge, presented as an emission converter.

Findings

This article finds that both digital nudges are useful interventions in online choice environments; however, emission labels more effectively encourage sustainable booking behavior.

Originality/value

The contributions of this article are twofold. In contribution to research, this article builds on existing research in sustainability contexts and successfully evaluates the effectiveness of anchoring and understanding mapping heuristics to influence sustainable decision-making in virtual environments. Furthermore, in contribution to practice, this article contributes knowledge to nudge design and provides hands on examples for designers or website operators on how to put nudge designs to practice in virtual choice environments. Additionally, this article contributes relevant considerations in a high-impact research field with growing importance given the global climate crisis.

Details

Information Technology & People, vol. 37 no. 1
Type: Research Article
ISSN: 0959-3845

Article
Publication date: 9 November 2015

Alain Forget, Sonia Chiasson and Robert Biddle

Abstract

Purpose

This paper aims to propose that more useful novel schemes could develop from a more principled examination and application of promising authentication features. Text passwords persist despite several decades of evidence of their security and usability challenges. It seems extremely unlikely that a single scheme will globally replace text passwords, suggesting that a diverse ecosystem of multiple authentication schemes designed for specific environments is needed. Authentication scheme research has thus far proceeded in an unstructured manner.

Design/methodology/approach

This paper presents the User-Centred Authentication Feature Framework, a conceptual framework that classifies the various features that knowledge-based authentication schemes may support. This framework can be used by researchers when designing, comparing and innovating authentication schemes, as well as administrators and users, who can use the framework to identify desirable features in schemes available for selection.

Findings

This paper illustrates how the framework can be used by demonstrating its applicability to several authentication schemes, and by briefly discussing the development and user testing of two framework-inspired schemes: Persuasive Text Passwords and Cued Gaze-Points.

Originality/value

This framework is intended to support the increasingly diverse ecosystem of authentication schemes by providing authentication researchers, professionals and users with the increased ability to design, develop and select authentication schemes better suited for particular applications, environments and contexts.

Details

Information & Computer Security, vol. 23 no. 5
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 14 April 2020

Mona Mohamed, Joyram Chakraborty and Sharma Pillutla

Abstract

Purpose

The purpose of this study is to examine the effects of culture on the cross-cultural design of the recognition-based graphical password (RBG-P) interface as inferred from Chinese and Saudi subjects’ image selections.

Design/methodology/approach

The authors use a between-group design adopted using two groups of participants from China and the Kingdom of Saudi Arabia to measure the differences caused by the effects of cultures on graphical password image selections. Three hypotheses have been tested in a four-week long study carried out using two questionnaires and an RBG-P webtool designed for images selection.

Findings

The results have indicated that participants are equally biased not only toward their own culture but also depending on their opinions about other cultures. In addition, when creating the password, it has been observed that culture not only influenced the image selection to create the password but also had an effect on the sequence of the images forming the password.

Research limitations/implications

Appropriately used image selection differences can be used in cross-cultural designs that will lead to better development of culturally adaptive interfaces that will boost the security posture of RBG-P authentication.

Practical implications

Some RBG-P interfaces that are produced outside the designer’s culture may suffer the effects of cultural differences. Hence, to incorporate culture in the interface, authentication systems within applications should be flexible by designing images that fit the culture in which the software will be used. To this end, access control interface testing should also be carried out in the environmental and cultural context in which it will be used.

Originality/value

This paper provides useful information for international developers who develop cross-cultural usable secure designs. In such environments, the cross-cultural designs may have significant effects on the acceptability and adoption adaptation of the interface to multi-cultural settings.

Details

Journal of Systems and Information Technology, vol. 22 no. 1
Type: Research Article
ISSN: 1328-7265

Article
Publication date: 30 November 2021

Bhaveer Bhana and Stephen Vincent Flowerday

Abstract

Purpose

The average employee spends a total of 18.6 h every two months on password-related activities, including password retries and resets. The problem is caused by the user forgetting or mistyping the password (usually because of character switching). The source of this issue is that while a password containing combinations of lowercase characters, uppercase characters, digits and special characters (LUDS) offers a reasonable level of security, it is complex to type and/or memorise, which prolongs the user authentication process. This results in much time being spent for no benefit (as perceived by users), as the user authentication process is merely a prerequisite for whatever a user intends to accomplish. This study aims to address this issue; passphrases that exclude the LUDS guidelines are proposed.

Design/methodology/approach

To discover constructs that create security and to investigate usability concerns relating to the memory and typing issues concerning passphrases, this study was guided by three theories as follows: Shannon’s entropy theory was used to assess security, chunking theory to analyse memory issues and the keystroke level model to assess typing issues. These three constructs were then evaluated against passwords and passphrases to determine whether passphrases better address the security and usability issues related to text-based user authentication. A content analysis was performed to identify common password compositions currently used. A login assessment experiment was used to collect data on user authentication and user–system interaction with passwords and passphrases in line with the constructs that have an impact on user authentication issues related to security, memory and typing. User–system interaction data was collected from a purposeful sample size of 112 participants, logging in at least once a day for 10 days. An expert review, which comprised usability and security experts with specific years of industry and/or academic experience, was also used to validate results and conclusions. All the experts were given questions and content to ensure sufficient context was provided and relevant feedback was obtained. A pilot study involving 10 participants (experts in security and/or usability) was performed on the login assessment website and the content was given to the experts beforehand. Both the website and the expert review content were refined after feedback was received from the pilot study.

Findings

It was concluded that, overall, passphrases better support the user during the user authentication process in terms of security, memory issues and typing issues.

Originality/value

This research aims at promoting the use of a specific type of passphrase instead of complex passwords. Three core aspects need to be assessed in conjunction with each other (security, memorisation and typing) to determine whether user-friendly passphrases can support user authentication better than passwords.

Details

Information & Computer Security, vol. 30 no. 2
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 1 May 1993

Charles Cresson Wood

Abstract

Suggests that computer passwords can pose a major computer security risk, as password guessing is the most prevalent and effective method of system penetration. Introduces a new computer package which can address this problem by generating difficult‐to‐guess passwords by removing human judgement from the password construction process.

Details

Information Management & Computer Security, vol. 1 no. 5
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 20 June 2019

Verena Zimmermann, Nina Gerber, Peter Mayer, Marius Kleboth, Alexandra von Preuschen and Konstantin Schmidt

Abstract

Purpose

Six years ago, Bonneau et al. (2012) proposed a framework to compare authentication schemes to the ubiquitous text password. Even though their work did not reveal an alternative outperforming the text password on every criterion, the framework can support decision makers in finding suitable solutions for specific authentication contexts. The purpose of this paper is to extend and update the database, thereby discussing benefits, limitations and suggestions for continuing the development of the framework.

Design/methodology/approach

This paper revisits the rating process and describes the application of an extended version of the original framework to an additional 40 authentication schemes identified in a literature review. All schemes were rated in terms of 25 objective features assigned to the three main criteria: usability, deployability and security.

Findings

The rating process and results are presented along with a discussion of the benefits and pitfalls of the rating process.

Research limitations/implications

While the extended framework, in general, proves suitable for rating and comparing authentication schemes, ambiguities in the rating could be solved by providing clearer definitions and cut-off values. Further, the extension of the framework with subjective user perceptions that sometimes differ from objective ratings could be beneficial.

Originality/value

The results of the rating are made publicly available in an authentication choice support system named ACCESS to support decision makers and researchers and to foster the further extension of the knowledge base and future development of the extended rating framework.

Details

Information & Computer Security, vol. 27 no. 5
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 24 April 2018

Shelby R. Curtis, Jessica Rose Carre and Daniel Nelson Jones

Abstract

Purpose

The purpose of this study was to determine how security statement certainty (overconfident, underconfident and realistic) and behavioral intentions of potential consumers impact the perceptions of companies in the presence or absence of a past security breach.

Design/methodology/approach

The study exposed participants to three types of security statements and randomly assigned them to the presence or absence of a previous breach. Participants then evaluated the company and generated a hypothetical password for that company.

Findings

This study found that the presence or absence of a previous breach had a large impact on company perceptions, but a minimal impact on behavioral intentions to be personally more secure.

Research limitations/implications

The authors found that the presence or absence of a previous breach had a large impact on company perceptions, but minimal impact on behavioral intentions to be personally more secure.

Practical implications

Companies need to be cautious about how much confidence they convey to consumers. Companies should not rely on consumers engaging in secure online practices, even following a breach.

Social implications

Companies need to communicate personal security behaviors to consumers in a way that still instills confidence in the company but encourages personal responsibility.

Originality/value

The confidence of company security statements and presence of a previous breach were examined for their impact on company perception and a novel dependent variable of password complexity.

Details

Managerial Auditing Journal, vol. 33 no. 4
Type: Research Article
ISSN: 0268-6902

Article
Publication date: 6 April 2021

Mona Mohamed, Tobin Porterfield and Joyram Chakraborty

Abstract

Purpose

This study aims to examine the impact of cultural familiarity with images on the memorability of recognition-based graphical password (RBG-P).

Design/methodology/approach

The researchers used a between-group design with two groups of 50 participants from China and the Kingdom of Saudi Arabia, using a webtool and two questionnaires to test two hypotheses in a four-week long study.

Findings

The results showed that culture has significant effects on RBG-P memorability, including both recognition and recall of images. It was also found that the login success rate depreciated quickly as time progressed, which indicates the memory decay and its effects on the visual memory.

Research limitations/implications

Collectively, these results can be used to design universal RBG-Ps with maximal password deflection points. For better cross-cultural designs, designers must allow users from different cultures to personalize their image selections based on their own cultures.

Practical implications

The RBG-P interfaces developed without consideration for users’ cultures may lead to the construction of passwords that are difficult to memorize and easy to attack. Thus, the incorporation of cultural images is indispensable for improving the authentication posture.

Social implications

The development of RBG-P with cultural considerations will make it easy for the user population to remember the password and make it more expensive for the intruder to attack.

Originality/value

This study provides an insight for RBG-P developers to produce a graphical password platform that increases the memorability factor.

Details

Journal of Systems and Information Technology, vol. 23 no. 1
Type: Research Article
ISSN: 1328-7265
