Privacy and Usability of Image and Text Based Challenge Questions Authentication in Online Examination

In many online examinations, physical invigilation is often replaced with traditional authentication approaches for student identification. Secure and usable authentication approaches are important for high stake online examinations. A Profile Based Authentication Framework (PBAF) was developed and implemented in a real online learning course embedded with summative online examination. Based on users’ experience of using the PBAF in an online course, online questionnaires were used to collect participants' feedback on effectiveness, layout and appearance, user satisfaction, distraction and privacy concerns. Based on overall findings of the quantitative analysis, there was a positive feedback on the use of a hybrid approach utilizing image and text based challenge questions for better usability. However, the number of questions presented during learning and examination processes were reported to be too many and caused distraction. Participants expressed a degree of concern on sharing personal and academic information with little or no privacy concern on using favorite question

Evaluating the End-User Experience of Private Browsing Mode

Nowadays, all major web browsers have a private browsing mode. However, the mode's benefits and limitations are not particularly understood. Through the use of survey studies, prior work has found that most users are either unaware of private browsing or do not use it. Further, those who do use private browsing generally have misconceptions about what protection it provides. However, prior work has not investigated \emph{why} users misunderstand the benefits and limitations of private browsing. In this work, we do so by designing and conducting a three-part study: (1) an analytical approach combining cognitive walkthrough and heuristic evaluation to inspect the user interface of private mode in different browsers; (2) a qualitative, interview-based study to explore users' mental models of private browsing and its security goals; (3) a participatory design study to investigate why existing browser disclosures, the in-browser explanations of private browsing mode, do not communicate the security goals of private browsing to users. Participants critiqued the browser disclosures of three web browsers: Brave, Firefox, and Google Chrome, and then designed new ones. We find that the user interface of private mode in different web browsers violates several well-established design guidelines and heuristics. Further, most participants had incorrect mental models of private browsing, influencing their understanding and usage of private mode. Additionally, we find that existing browser disclosures are not only vague, but also misleading. None of the three studied browser disclosures communicates or explains the primary security goal of private browsing. Drawing from the results of our user study, we extract a set of design recommendations that we encourage browser designers to validate, in order to design more effective and informative browser disclosures related to private mode

Critical Success Factors for Positive User Experience in Hotel Websites: Applying Herzberg's Two Factor Theory for User Experience Modeling

This research presents the development of a critical success factor matrix for increasing positive user experience of hotel websites based upon user ratings. Firstly, a number of critical success factors for web usability have been identified through the initial literature review. Secondly, hotel websites were surveyed in terms of critical success factors identified through the literature review. Thirdly, Herzberg's motivation theory has been applied to the user rating and the critical success factors were categorized into two areas. Finally, the critical success factor matrix has been developed using the two main sets of data.Comment: Journal articl

Towards a Heuristic Model for Usable and Secure Online Banking

The main purpose of this paper is to propose a heuristic model for usable and secure online banking. The model is based on identified heuristics that contribute to the design of usable security in the context of online banking security. Little research has focused on the balance between usability and security in online banking authentication mechanisms when evaluating the effectiveness of security systems. Nielsen’s ten usability principles are still fundamentally important in designing usable secure systems, as indicated by the analysis of heuristics developed from recent studies. Online banking users are vulnerable to numerous old and new sophisticated online security threats that are increasingly being developed and targeting this unsuspecting group of users. An investigation into this aspect of security design can certainly benefit both the online banking users and online banking merchants, and foster a secure and usable banking environment. In this paper, a heuristic model for usable online banking security is developed, based on security design principles found in literature. Using data collected from users of online banking in South Africa through a questionnaire and banking security personnel interviews, we envisaged refining the identified heuristics and developing a checklist for each heuristic used, for heuristic evaluation by field experts

Conservation of Limited Resources: Design Principles for Security and Usability on Mobile Devices

Mobile devices have evolved from an accessory to the primary computing device for an increasing portion of the general population. Not only is mobile the primary device, consumers on average have multiple Internet-connected devices. The trend towards mobile has resulted in a shift to “mobile-first” strategies for delivering information and services in business organizations, universities, and government agencies. Though principles for good security design exist, those principles were formulated based upon the traditional workstation configuration instead of the mobile platform. Security design needs to follow the shift to a “mobile-first” emphasis to ensure the usability of the security interface. The mobile platform has constraints on resources that can adversely impact the usability of security. This research sought to identify design principles for usable security for mobile devices that address the constraints of the mobile platform. Security and usability have been seen as mutually exclusive. To accurately identify design principles, the relationship between principles for good security design and usability design must be understood. The constraints for the mobile environment must also be identified, and then evaluated for their impact on the interaction of a consumer with a security interface. To understand how the application of the proposed mobile security design principles is perceived by users, an artifact was built to instantiate the principles. Through a series of guided interactions, the importance of proposed design principles was measured in a simulation, in human-computer interaction, and in user perception. The measures showed a resounding difference between the usability of the same security design delivered on mobile vs. workstation platform. It also reveals that acknowledging the constraints of an environment and compensating for the constraints yields mobile security that is both usable and secure. Finally, the hidden cost of security design choices that distract the user from the surrounding environment were examined from both the security perspective and public safety perspective