05-436 / 05-836 / 08-534 / 08-734 Usable Privacy and Security

Homework 4

Print your homework out and submit it in person at the start of class (3:00pm) on Thursday, February 13th. Homework will not be accepted after 3:05pm on that day.

• Part 1 (34 points): Write a 3--7 sentence summary and short "highlight" for each of the readings assigned for February 11th and February 13th. Students taking the 12-unit version of this class must also submit a summary and highlight for one of the optional readings from either of those days.


• Part 2 (33 points): One of the major usability challenges relating to passwords is that most users have dozens of accounts, yet it is difficult or impossible to remember dozens of distinct, complex passwords. Therefore, people often reuse passwords across these accounts, or make only minor modifications to existing passwords. In the common case of password breaches, attackers will try the same usernames and passwords from the breached site on other, often higher value sites (e.g., financial sites or email providers), compromising the accounts of people who reused their password.
  
  For this part of the homework, design a short (4 -- 6 questions, and no more than 12 minutes long) interview study exploring a research question of interest to you in the area of password reuse. You may choose to investigate whether participants have strategies for reusing passwords, such as using the same password on all accounts they believe to have little value (e.g., news websites), or perhaps all sites regardless of value. You might choose to investigate how participants come up with new passwords. You could investigate whether or not they believe there are security risks in reusing passwords across accounts, as well as what those risks might be. It's up to you to choose the research question, but don't try to do too much in such a short interview! At some point in the interview study, have your participant imagine they have to create a new account (give them details about what this account will be!), and ask them to think aloud as they create a password for this account. Think about how you will give them instructions to think aloud; they won't do so on their own!
  
  Turn in a 1--3 sentence description of your research question, along with the final script you use for the interview. Include in your script anything you will say to the participant at any point in the interview, such as welcoming them at the beginning or thanking them and telling them the purpose of the study at the end.


• Part 3 (33 points): Actually conduct this interview with 3 pilot participants (and, if applicable, improve your script in between interviews). While you would not want to have your friends participate in a real study, it's perfectly fine to have your friends participate in a pilot study like this. Turn in 3 -- 4 paragraphs describing the results. As part of presenting your results, explain what you learned from participants thinking aloud as they created a password.