EyeSpot: leveraging gaze to protect private text content on mobile devices from shoulder surfing
As mobile devices allow access to an increasing amount of private data, using them in public can potentially leak sensitive information through shoulder surfing. This includes personal private data (e.g., in chat conversations) and business-related content (e.g., in emails). Leaking the former might infringe on users’ privacy, while leaking the latter is considered a breach of the EU’s General Data Protection Regulation as of May 2018. This creates a need for systems that protect sensitive data in public. We introduce EyeSpot, a technique that displays content through a spot that follows the user’s gaze while hiding the rest of the screen from an observer’s view through overlaid masks. We explore different configurations for EyeSpot in a user study in terms of users’ reading speed, text comprehension, and perceived workload. While our system is a proof of concept, we identify crystallized masks as a promising design candidate for further evaluation with regard to the security of the system in a shoulder surfing scenario.
M-health review: joining up healthcare in a wireless world
In recent years, there has been a huge increase in the use of information and communication technologies (ICT) to deliver health and social care. This trend is bound to continue as providers (whether public or private) strive to deliver better care to more people under conditions of severe budgetary constraint.
Why Do Developers Get Password Storage Wrong? A Qualitative Usability Study
Passwords are still a mainstay of various security systems, as well as the cause of many usability issues. For end-users, many of these issues have been studied extensively, highlighting problems and informing design decisions for better policies and motivating research into alternatives. However, end-users are not the only ones who have usability problems with passwords! Developers who are tasked with writing the code by which passwords are stored must do so securely. Yet history has shown that this complex task often fails due to human error with catastrophic results. While an end-user who selects a bad password can have dire consequences, the consequences of a developer who forgets to hash and salt a password database can lead to far larger problems. In this paper we present a first qualitative usability study with 20 computer science students to discover how developers deal with password storage and to inform research into aiding developers in the creation of secure password systems.
From Paternalistic to User-Centred Security: Putting Users First with Value-Sensitive Design
Usable security research to date has focused on making users more secure, by identifying and addressing usability issues that lead users to making mistakes, or by persuading users to pay attention to security and make secure choices. However, security goals were set by security experts, who were unaware that users often have other priorities and value security differently. In this paper, we present examples of circumventions and non-adoption of secure systems designed under this paternalistic mindset. We argue that security experts need to identify user values and deliver on them. To do that, we need a methodological framework that can conceptualise values and identify those that impact user engagement with security. We show that (a) engagement with, and adherence to security, are mediated by user values, and that (b) it is necessary to model those values to understand the nature of security’s failures and to design viable alternatives.