38 research outputs found

    The true cost of unusable password policies: password use in the wild

    HCI research published 10 years ago pointed out that many users cannot cope with the number and complexity of passwords, and resort to insecure workarounds as a consequence. We present a study which re-examined password policies and password practice in the workplace today. 32 staff members in two organisations kept a password diary for 1 week, which produced a sample of 196 passwords. The diary was followed by an interview which covered details of each password, in its context of use. We find that users are in general concerned to maintain security, but that existing security policies are too inflexible to match their capabilities, and the tasks and contexts in which they operate. As a result, these password policies can place demands on users which impact negatively on their productivity and, ultimately, that of the organisation. We conclude that, rather than focussing password policies on maximizing password strength and enforcing frequency alone, policies should be designed using HCI principles to help the user to set an appropriately strong password in a specific context of use

    Smartphones usage at workplace: Assessing information security risks from accessibility perspective

    Innovations in technology have created opportunities for employees to be increasingly efficient, productive and always connected to both internal and external customers as they go about their everyday lives using consumer IT tools and resources. This leads to employees' increasing use of such resources at hand while performing their routine activities at workplaces, due to inherent features of connectivity that allow ease of access to information assets. Building on the significance of effort expectancy (ease of use) in earlier research on smartphone adoption at the workplace, this study seeks to examine accessibility (ease of access) as a key feature of smartphone usage. It adapts key constructs of Routine Activity Theory (RAT) to the premises of information systems security, viewing the construct of accessibility (ease of copying/transferring data) as a risk associated with smartphone usage at the workplace, that is, focusing on the probability of convenience (opportunity) as a motivation to commit crime. Through analysis of extant literature and theoretical assertions, it presents a theoretical model that can help identify the relationship between smartphone usage and the occurrence of insider fraud incidents in the presence of certain situational stimuli. This study assumes that there are possible implications at the workplace in terms of the ease of access which a smartphone device provides to employees, allowing them to copy/transfer sensitive information assets conveniently, a practice that may actually increase the occurrence of detrimental security behaviors in the absence of management controls

    From Sit-Forward to Lean-Back: Using a Mobile Device to Vary Interactive Pace

    Although online, handheld, mobile computers offer new possibilities in searching and retrieving information on the go, the fast-paced, “sit-forward” style of interaction may not be appropriate for all user search needs. In this paper, we explore how a handheld computer can be used to enable interactive search experiences that vary in pace from fast and immediate through to reflective and delayed. We describe a system that asynchronously combines an offline handheld computer and an online desktop Personal Computer, and discuss some results of an initial user evaluation

    Using and managing multiple passwords: a week to a view


    Supporting Real-Time Contextual Inquiry Through Sensor Data

    A key challenge in carrying out product design research is obtaining rich contextual information about use in the wild. We present a method that algorithmically mediates between participants, researchers, and objects in order to enable real-time collaborative sensemaking. It facilitates contextual inquiry, revealing behaviours and motivations that frame product use in the wild. In particular, we are interested in developing a practice of use driven design, where products become research tools that generate design insights grounded in user experiences. The value of this method was explored through the deployment of a collection of Bluetooth speakers that capture and stream live data to remote but co-present researchers about their movement and operation. Researchers monitored a visualisation of the real-time data to build up a picture of how the speakers were being used, responding to moments of activity within the data, initiating text conversations and prompting participants to capture photos and video. Based on the findings of this explorative study, we discuss the value of this method, how it compares to contemporary research practices, and the potential of machine learning to scale it up for use within industrial contexts. As greater agency is given to both objects and algorithms, we explore ways to empower ethnographers and participants to actively collaborate within remote real-time research

    Mobile Computing


    Studying Password Use in the Wild: Practical Problems and Possible Solutions

    HCI research into usability and security over 10 years has repeatedly found that users are unable to cope when faced with unusable password policies. Yet to show the full impact of these policies, it is necessary to consider the context of use within the organisation. Password requirements which users cannot meet have a cost in terms of impact on users’ primary task and, hence, loss of productivity. Conversely, organisational practices determine the numbers of passwords and the frequency of use. Retrospective accounts, questionnaires, and experimental methods fail to capture the full context of use. We present our experiences from the use of a study which was designed to overcome these shortcomings. We devised a structured diary study of password use followed by detailed debrief interviews. We found that this study effectively elicited participants’ main password uses and brought to light details of the context of use. However, the study did not capture accurate measures of workload or time taken in password use; these are better measured through other methods. Finally, our research leads us to conclude that there are further impacts of passwords in the workplace which can only be fully understood from richer ethnographic methods

    Diary Web – Based Application

    This document is a fully completed stage report for a project titled “Diary Web – Based Application”, which relates to how aspects of applying a diary in daily life and an electronic audio voice recorder application can be combined to create a fully autonomous voice-recording diary machine. The existing diary application is a web-based system that is automatically generated from user ideas, histories or activities that need to be saved. It records the location, time and date of the information, but it is not useful when the information is retrieved for reference or played back. This project was researched, designed and ultimately implemented using a combination of web-based tools: XAMPP Software, which consists of the PHP language and the Apache application, and the MySQL database system for record-keeping in the application system development. The electronic voice recorder is implemented in the JAVA language with audio functionality, and recordings are formatted in the WAV audio format. This application will use a suitable pattern matching system that is satisfying to the user, secure and easy to use. KEYWORDS: Voice Recorder, Diary, Web – based, JAVA, PHP, MySQL, Database, WAV audio format, XAMPP Software, Apache Applicatio