the cups blog


Paper presented by Rob Reeder.

Looked at the “secret” questions used by the top four webmail providers. The problem with secret questions are that 1) some random person could guess it 2) your significant other could guess it 3) you could forget it. So why not just use your email account to verification? What happens when you can’t get back into your email account because you forgot your password or you no longer have the account?

Our vision for the future is to use many different backup authentication options. There are several different ways you could authenticate yourself including SMS. But now what combinations of mechanisms is necessary to reset a password.

How will users understand what they will need to do to get back in their account if they get locked out? Describe it in terms of an exam. Give the users a list of pieces of evidence they have to provide and the values of each of these pieces of evidence are shown. The user needs to get a certain number of points to get back into their account. This seemed to require too much math so also created an interface that divided evidence into weak, medium, and strong.

Did a lab study of 18 participants age 30-48. Showed the users the current LiveID interface, a shortened Exam interface and the Exam interface. Participants were asked if “Jane Doe” could get back into her account if she provided a certain piece of evidence.

Users had trouble determining what would be needed to get back into their account for the LiveID interface. Users were much better at determining what would be needed using the Exam interface. Users were also able to accurately determined what was required given a long Exam interface with little difference from the short Exam interface. The Exam interfaces also performed better than the Evidence interface where users see the types of evidence needed.

Audience Questions:

  • Why does it matter if people do not understand what LiveId is doing? In this study we are measuring comprehension. The reason is that if someone misunderstands what they need to do they are going to feel betrayed.
  • Do you think anyone looks at that screen before they loose their password? They would look at it when they setup their account. Many users may be happy with the defaults but we think that power users want to know this.
  • The one open question is what would have happened on the LiveId screen if you had had a sentence saying “you only need one of these methods?” You could do that, but it doesn’t scale to the six or ten things you might need to do. It doesn’t scale to situations where multiple authentications could be used.
  • Do you have any evidence that when users can configure what they use to get back in do they do a better job than the default? We didn’t test this. We think that is an interesting question. Two key things 1) how do you prod people to make things more secure? This is when they had the least invested in it. 2) how do we help them make things more secure?
  • You assume that users who actually want to use this flexibility, did you ask your participants if they thought they would find this useful? We didn’t ask the users. People love things till they have to actually use them and figure out they are broken. We don’t really have the data because users can’t make an informed choice at the moment.