05-436 / 05-836 / 08-534 / 08-734 / 19-534 / 19-734 Usable Privacy and Security

Homework 4

Print your homework out and submit it in person at the start of class (3:00pm) on Monday, February 20. Homework will not be accepted after 3:00pm on that day.

Part 1 (50 points): One of the major usability challenges relating to passwords is that most users have dozens of accounts, yet it is difficult or impossible to remember dozens of distinct, complex passwords. Therefore, people often reuse passwords across these accounts or make only minor modifications to existing passwords. In the common case of password breaches, attackers will try the same usernames and passwords from the breached site on other, often higher value sites (e.g., financial sites or email providers), compromising the accounts of people who reused their password.

For this part of the homework, design a short (3-6 questions, and no more than 15 minutes long) interview study exploring a research question of interest to you in the area of passwords or password reuse. For example, you may investigate whether participants have strategies for reusing passwords, such as using the same password on all accounts they believe to have little value (e.g., news websites), or perhaps all sites regardless of value. You might choose to investigate how participants come up with new passwords. You could investigate whether or not they believe there are security risks in reusing passwords across accounts, as well as what those risks might be. It's up to you to choose the research question, but don't try to do too much in such a short interview! You might ask participants to role play in a scenario or perform a task such as creating a new password and explain what they are doing.

Turn in a 1-3 sentence description of your research question, along with the final script you use for the interview. Include in your script anything you will say to the participant at any point in the interview, such as welcoming them at the beginning or thanking them.

Part 2 (50 points): Actually conduct this interview with 3 pilot participants (and, if applicable, improve your script in between interviews). While you would not want to have your friends participate in a real study, it's perfectly fine to have your friends participate in a pilot study like this. Then, using the qualitative analysis techniques we've discussed in class, turn in 3-4 paragraphs describing the results. As part of presenting your results, explain what you learned from participants creating a password.

Part 3 (9-unit students should not do this part. 12-unit students will receive between 0 and 15 points for this part): Write a 3-7 sentence summary and short "highlight" for one optional reading assigned for the February 20 class.