3,217 research outputs found

    Interpretable Probabilistic Password Strength Meters via Deep Learning

    Probabilistic password strength meters have been proved to be the most accurate tools to measure password strength. Unfortunately, by construction, they are limited to solely produce an opaque security estimation that fails to fully support the user during the password composition. In the present work, we move the first steps towards cracking the intelligibility barrier of this compelling class of meters. We show that probabilistic password meters inherently own the capability of describing the latent relation occurring between password strength and password structure. In our approach, the security contribution of each character composing a password is disentangled and used to provide explicit fine-grained feedback for the user. Furthermore, unlike existing heuristic constructions, our method is free from any human bias, and, more importantly, its feedback has a clear probabilistic interpretation. In our contribution: (1) we formulate the theoretical foundations of interpretable probabilistic password strength meters; (2) we describe how they can be implemented via an efficient and lightweight deep learning framework suitable for client-side operability. Comment: An abridged version of this paper appears in the proceedings of the 25th European Symposium on Research in Computer Security (ESORICS) 202

    The doctor and the blue form: learning professional responsibility

    Book synopsis: This book presents leading-edge perspectives and methodologies to address emerging issues of concern for professional learning in contemporary society. The conditions for professional practice and learning are changing dramatically in the wake of globalization, new modes of knowledge production, new regulatory regimes, and increased economic-political pressures. In the wake of this, a number of challenges for learning emerge: more practitioners become involved in interprofessional collaboration; developments in new technologies and virtual workworlds; emergence of transnational knowledge cultures and interrelated circuits of knowledge. The space and time relations in which professional practice and learning are embedded are becoming more complex, as are the epistemic underpinnings of professional work. Together these shifts bring about intersections of professional knowledge and responsibilities that call for new conceptions of professional knowing. Exploring what the authors call sociomaterial perspectives on professional learning, they argue that theories that trace not just the social but also the material aspects of practice – such as tools, technologies, texts but also bodies and actions – are useful for coming to terms with the challenges described above. Reconceptualising Professional Learning develops these issues through specific contemporary cases focused on one of the book’s three main themes: (1) professionals’ knowing in practice, (2) professionals’ work arrangements and technologies, or (3) professional responsibility. Each chapter draws upon innovative theory to highlight the sociomaterial webs through which professional learning may be reconceptualised. Authors are based in Australia, Canada, Italy, Norway, Sweden, and the USA as well as the UK and their cases are based in a range of professional settings including medicine, teaching, nursing, engineering, social services, the creative industries, and more.
By presenting detailed accounts of these themes from a sociomaterial perspective, the book opens new questions and methodological approaches. These can help make more visible what is often invisible in today’s messy dynamics of professional learning, and point to new ways of configuring educational support and policy for professionals.

    “This is the way ‘I’ create my passwords ...”: does the endowment effect deter people from changing the way they create their passwords?

    The endowment effect is the term used to describe a phenomenon that manifests as a reluctance to relinquish owned artifacts, even when a viable or better substitute is offered. It has been confirmed by multiple studies when it comes to ownership of physical artifacts. If computer users also "own", and are attached to, their personal security routines, such feelings could conceivably activate the same endowment effect. This would, in turn, lead to their over-estimating the "value" of their existing routines, in terms of the protection they afford, and the risks they mitigate. They might well, as a consequence, not countenance any efforts to persuade them to adopt a more secure routine, because their comparison of pre-existing and proposed new routine is skewed by the activation of the endowment effect. In this paper, we report on an investigation into the possibility that the endowment effect activates when people adopt personal password creation routines. We did indeed find evidence that the endowment effect is likely to be triggered in this context. This constitutes one explanation for the failure of many security awareness drives to improve password strength. We conclude by suggesting directions for future research to confirm our findings, and to investigate the activation of the effect for other security routines.

    Ethical guidelines for nudging in information security & privacy

    There has recently been an upsurge of interest in the deployment of behavioural economics techniques in the information security and privacy domain. In this paper, we consider first the nature of one particular intervention, the nudge, and the way it exercises its influence. We contemplate the ethical ramifications of nudging, in its broadest sense, deriving general principles for ethical nudging from the literature. We extrapolate these principles to the deployment of nudging in information security and privacy. We explain how researchers can use these guidelines to ensure that they satisfy the ethical requirements during nudge trials in information security and privacy. Our guidelines also provide guidance to ethics review boards that are required to evaluate nudge-related research.