Integrating Visual Mnemonics and Input Feedback with Passphrases to Improve the Usability and Security of Digital Authentication

The need for both usable and secure authentication is more pronounced than ever before. Security researchers and professionals will need to have a deep understanding of human factors to address these issues. Due to their ubiquity, recoverability, and low barrier of entry, passwords remain the most common means of digital authentication. However, fundamental human nature dictates that it is exceedingly difficult for people to generate secure passwords on their own. System-generated random passwords can be secure but are often unusable, which is why most passwords are still created by humans. We developed a simple system for automatically generating mnemonic phrases and supporting mnemonic images for randomly generated passwords. We found that study participants remembered their passwords significantly better using our system than with existing systems. To combat shoulder surfing - looking at a user\u27s screen or keyboard as he or she enters sensitive input such as passwords - we developed an input masking technique that was demonstrated to minimize the threat of shoulder surfing attacks while improving the usability of password entry over existing methods. We extended this previous work to support longer passphrases with increased security and evaluated the effectiveness of our new system against traditional passphrases. We found that our system exhibited greater memorability, increased usability and overall rankings, and maintained or improved upon the security of the traditional passphrase systems. Adopting our passphrase system will lead to more usable and secure digital authentication

Investigation of the shoulder surfing risk in relation to mobile working

Reading in a public place and realising that the newspaper or book is also of interest to a casual observer is not a new phenomenon. While the term ‘Shoulder surfing’ is used in the context of this situation in the days of mobile computing, its antecedence in times of reading physical media. However, the development of both mobile computing and widely available internet connectivity means that the variety of documents available for casual observation has increased. This research demonstrated that sensitive material is viewed, and therefore displayed, in public places where they could be seen by unauthorised viewers, or shoulder surfers. Experimentation demonstrated that with the development of mobile technology not only are these documents visible to a casual observer, they can be duplicated by a smartphone camera and thereby leaked. This risk should, therefore, be considered by any organisation whose staff work on potentially sensitive information outside the protected corporate environment

Cyber-crime Science = Crime Science + Information Security

Cyber-crime Science is an emerging area of study aiming to prevent cyber-crime by combining security protection techniques from Information Security with empirical research methods used in Crime Science. Information security research has developed techniques for protecting the confidentiality, integrity, and availability of information assets but is less strong on the empirical study of the effectiveness of these techniques. Crime Science studies the effect of crime prevention techniques empirically in the real world, and proposes improvements to these techniques based on this. Combining both approaches, Cyber-crime Science transfers and further develops Information Security techniques to prevent cyber-crime, and empirically studies the effectiveness of these techniques in the real world. In this paper we review the main contributions of Crime Science as of today, illustrate its application to a typical Information Security problem, namely phishing, explore the interdisciplinary structure of Cyber-crime Science, and present an agenda for research in Cyber-crime Science in the form of a set of suggested research questions

Digital Interaction and Machine Intelligence

This book is open access, which means that you have free and unlimited access. This book presents the Proceedings of the 9th Machine Intelligence and Digital Interaction Conference. Significant progress in the development of artificial intelligence (AI) and its wider use in many interactive products are quickly transforming further areas of our life, which results in the emergence of various new social phenomena. Many countries have been making efforts to understand these phenomena and find answers on how to put the development of artificial intelligence on the right track to support the common good of people and societies. These attempts require interdisciplinary actions, covering not only science disciplines involved in the development of artificial intelligence and human-computer interaction but also close cooperation between researchers and practitioners. For this reason, the main goal of the MIDI conference held on 9-10.12.2021 as a virtual event is to integrate two, until recently, independent fields of research in computer science: broadly understood artificial intelligence and human-technology interaction

Is ‘Nudge’ as Good as ‘We Think’ in Designing Against Crime? Contrasting Paternalistic and Fraternalistic Approaches to Design for Behaviour Change

This chapter describes a collaborative design-led approach to behaviour change developed in the context of design against crime. It compares this collaborative ‘we think’ way of working to that of ‘nudge’ design and argues that the participatory design-led approach delivers a ‘fraternal’ rather than ‘paternal’ strategy for behaviour change that is transformative in its means as well as its ends. We outline situational crime prevention (SCP) and other approaches to modifying behaviour to explain how socially responsive design against crime draws upon SCP as well as a participatory, asset-oriented design approach to deliver interventions that reduce opportunities for crime. We introduce case studies from the Design Against Crime Research Centre (Bikeoff and ATM Art Mats) to draw attention to two examples of social design that provide exceptions to the idea (summarized by Niedderer et al. 2014) that designers adopt anecdotal approaches rather than meticulous analysis. Finally, we suggest that ‘bottom-up’ participatory strategies associated with socially responsive design may deliver more democratic social transformations, than behaviour change ‘nudges’