Why I Can't Authenticate --- Understanding the Low Adoption of Authentication Ceremonies with Autoethnography

Authentication ceremonies detect and mitigate Man-in-the-Middle (MitM) attacks on end-to-end encrypted messengers, such as Signal, WhatsApp, or Threema. However, prior work found that adoption remains low as non-expert users have difficulties using them correctly. Anecdotal evidence suggests that security researchers also have trouble authenticating others. Since their issues are probably unrelated to user comprehension or usability, the root causes may lie deeper. This work explores these root causes using autoethnography. The first author kept a five-month research diary of their experience with authentication ceremonies. The results uncover points of failure while planning and conducting authentication ceremonies. They include cognitive load, forgetfulness, social awkwardness, and explanations required by a communication partner. Additionally, this work identifies and discusses how sociocultural aspects affect authentication ceremonies. Lastly, this work discusses a design approach for cooperative security that employs cultural transcoding to improve sociocultural aspects of security by design

Security is beautiful

In the movie “Life is Beautiful”, Guido Orefice, the character interpreted by Roberto Benigni, convinces his son Giosuè that they have been interned in a nazi concentration camp not because they are Jews but because they are actually taking part in a long and complex game in which they, and in particular Giosuè, must perform the tasks that the guards give them. A ghastly experience is turned into a livable, at times even almost enjoyable, one. In this position paper, we advocate that, in the same spirit as Guido’s ingenious trick of turning a nazi camp into a sort of playground for his child, security should be beautiful; and if it isn’t so yet, it should then be made beautiful, so that the users experience it in that way. This is, of course, an extremely challenging objective, and we will discuss through further scenarios a few ways in which it could be made possible in the future. It turns out that the Peppa Pig cartoon may also be inspiring

Security is beautiful (Transcript of discussion)

Security is beautiful (Transcript of discussion