Some photos from Mez of SOUPS 2008
Mostly social stuff
http://www.flickr.com/photos/8391807@N05/sets/72157600254522816/
About
CUPS is the Carnegie Mellon Usable Privacy & Security Lab, which is presently hosting SOUPS, the Symposium on Usable Privacy & Security, at Google in Mountain View, CA.
Recent Posts
Dear all,
It’s nice to present our poster at SOUPS. Welcome to try our demo on preference-based authentication. Any comments will be appreciated.
http://blue-moon-authentication.com/
For more details, see http://I-forgot-my-password.com
Liu
PCI DSS is the Payment Card Industry Data Security Standard, a collaborative effort to achieve a common set of security standards for use by entities that process, store, or transport payment card data. This applies to: all merchants that “store, process, or transmit cardholder data” and all payment channels including brick-and-mortar, mail, telephone, and e-commerce.
PCI Standards
Install [...]
Study
-chose not to examine bugs or browser flaws
-Analyzed a combination of 214 websites (mostly banks)
Demo:
-Login on insecure pages
-Contact information on insecure pages
Should this be a concern?
-exploits would not be straightforward, but attackers are becoming more organized
Use of Third-Party Sites
-break in chain of trust
Demo:
-transition to third party site
Policies on User Ids and Passwords
-inadequate or unclear policies for [...]
Summary from the discussion Metrics for Characterizing Research Participants’ Technical Knowledge:
- Background with some studies and criteria that they used
- Participants agreed that there needs to be a metric but it is not clear whether there can be one-size-fit-all
- Conduct a large study among different types of users and then decide on what type of [...]
Eiji Hayashi
Nicolas Christin
Rachna Dhamija
Adrian Perrig
Graphical Authentication
Passfaces – Faces are used as graphical portfolio
Pass Points – Use “a sequence of clicks” as a shared secret
DAS (Draw-A-Secret) -
Deja vu
Graphical Portfolio
If user chooses portfolio, easy to remember
If it’s random, users have difficulty remembering the pictures
Use your Illusion
Allow users to take/choose picture by themselves
Distort pictures
Assign the distorted pictures as graphical [...]
Paul Dunphy, James Nicholson and Patrick Olivier
Study 1:
18 participants (9m, 9f), 45 faces (27f, 18m)
Record descriptions of 15 faces each
Results: Females made longer descriptions, used more words to describe them
Study 2:
56 participants (31m, 25f)
Within-subject with conditions:
Random decoys
Visually similar decoys (used a separate set of participants to group similar matches)
Descriptively similar decoys
Task: participant to [...]
SOUPS gets lots of press each year and we will be collecting as we see it in this post.
Analyzing Websites for User-Visible Security Design Flaws by Laura Falk, Atul Prakash and Kevin Borders has already been cited in a number of articles and posts including:
Information Week: Most Bank Sites Are Insecure
Slashdot: Most Bank Websites Are [...]
Ari Rabkin
Summary: Due to an environment where information sharing is common, security questions are becoming easier and easier to attack. What to do? Redesign security questions so that they are not easily attackable. Add additional elements (i.e. audio or video) that can still be easy for the user to remember, but unique to the user.
Security [...]