"Make Them Change it Every Week!": A Qualitative Exploration of Online Developer Advice on Usable and Secure Authentication

Usable and secure authentication on the web and beyond is mission-critical. While password-based authentication is still widespread, users have trouble dealing with potentially hundreds of online accounts and their passwords. Alternatives or extensions such as multi-factor authentication have their own challenges and find only limited adoption. Finding the right balance between security and usability is challenging for developers. Previous work found that developers use online resources to inform security decisions when writing code. Similar to other areas, lots of authentication advice for developers is available online, including blog posts, discussions on Stack Overflow, research papers, or guidelines by institutions like OWASP or NIST. We are the first to explore developer advice on authentication that affects usable security for end-users. Based on a survey with 18 professional web developers, we obtained 406 documents and qualitatively analyzed 272 contained pieces of advice in depth. We aim to understand the accessibility and quality of online advice and provide insights into how online advice might contribute to (in)secure and (un)usable authentication. We find that advice is scattered and that finding recommendable, consistent advice is a challenge for developers, among others. The most common advice is for password-based authentication, but little for more modern alternatives. Unfortunately, many pieces of advice are debatable (e.g., complex password policies), outdated (e.g., enforcing regular password changes), or contradicting and might lead to unusable or insecure authentication. Based on our findings, we make recommendations for developers, advice providers, official institutions, and academia on how to improve online advice for developers.Comment: Extended version of the paper that appears at ACM CCS 2023. 18 pages, 4 figures, 11 table

How Does Usable Security (Not) End Up in Software Products? Results From a Qualitative Interview Study

For software to be secure in practice, users need to be willing and able to appropriately use security features. These features are usually implemented by software professionals during the software development process (SDP), who may be unable to consider the usability of these mechanisms. While research has made progress in supporting developers in creating secure software products, very little attention has been paid to whether and how these security features are made usable. In a semi-structured interview study with 25 software professionals (software developers, designers, architects), we explored how they and other decision-makers encounter and deal with security and usability during the software development process in their companies. Based on 37 hours of interview recordings, we qualitatively analyzed and investigated 23 distinct development contexts in detail. In addition to individual awareness and factors that directly influence the implementation phase, we identify a high impact of contextual factors, such as stakeholder pressure, presence of expertise, and collaboration culture, and the specific implementation of the SDP on usable security in software products. We conclude our work by highlighting important gaps, such as studying and improving contextual factors that contribute to usable security and discussing potential improvements of the status quo

The ALICE transition radiation detector: Construction, operation, and performance

The Transition Radiation Detector (TRD) was designed and built to enhance the capabilities of the ALICE detector at the Large Hadron Collider (LHC). While aimed at providing electron identification and triggering, the TRD also contributes significantly to the track reconstruction and calibration in the central barrel of ALICE. In this paper the design, construction, operation, and performance of this detector are discussed. A pion rejection factor of up to 410 is achieved at a momentum of 1 GeV/c in p-Pb collisions and the resolution at high transverse momentum improves by about 40% when including the TRD information in track reconstruction. The triggering capability is demonstrated both for jet, light nuclei, and electron selection. © 2017 CERN for the benefit of the ALICE Collaboration

The ALICE Transition Radiation Detector: construction, operation, and performance

The Transition Radiation Detector (TRD) was designed and built to enhance the capabilities of the ALICE detector at the Large Hadron Collider (LHC). While aimed at providing electron identification and triggering, the TRD also contributes significantly to the track reconstruction and calibration in the central barrel of ALICE. In this paper the design, construction, operation, and performance of this detector are discussed. A pion rejection factor of up to 410 is achieved at a momentum of 1 GeV/ c in p–Pb collisions and the resolution at high transverse momentum improves by about 40% when including the TRD information in track reconstruction. The triggering capability is demonstrated both for jet, light nuclei, and electron selection

ALICE: Physics performance report, volume I

Cortese P, Dellacasa G, Ramello L, et al. ALICE: Physics performance report, volume I. Journal of Physics G: Nuclear and Particle Physics. 2004;30(11):1517-1763.ALICE is a general-purpose heavy-ion experiment designed to study the physics of strongly interacting matter and the quark-gluon plasma in nucleus-nucleus collisions at the LHC. It currently includes more than 900 physicists and senior engineers, from both nuclear and high-energy physics, from about 80 institutions in 28 countries. The experiment was approved in February 1997. The detailed design of the different detector systems has been laid down in a number of Technical Design Reports issued between mid-1998 and the end of 2001 and construction has started for most detectors. Since the last comprehensive information on detector and physics performance was published in the ALICE Technical Proposal in 1996, the detector as well as simulation, reconstruction and analysis software have undergone significant development. The Physics Performance Report (PPR) will give an updated and comprehensive summary of the current status and performance of the various ALICE subsystems, including updates to the Technical Design Reports, where appropriate, as well as a description of systems which have not been published in a Technical Design Report. The PPR will be published in two volumes. The current Volume I contains: 1. a short theoretical overview and an extensive reference list concerning the physics topics of interest to ALICE, 2. relevant experimental conditions at the LHC, 3. a short summary and update of the subsystem designs, and 4. a description of the offline framework and Monte Carlo generators. Volume II, which will be published separately, will contain detailed simulations of combined detector performance, event reconstruction, and analysis of a representative sample of relevant physics observables from global event characteristics to hard processes. (Some figures in this article are in colour only in the electronic version.

ALICE: Physics Performance Report

ALICE is a general-purpose heavy-ion experiment designed to study the physics of strongly interacting matter and the quark-gluon plasma in nucleus-nucleus collisions at the LHC. It currently involves more than 900 physicists and senior engineers, from both the nuclear and high-energy physics sectors, from over 90 institutions in about 30 countries. The ALICE detector is designed to cope with the highest particle multiplicities above those anticipated for Pb-Pb collisions (dN ch/dy up to 8000) and it will be operational at the start-up of the LHC. In addition to heavy systems, the ALICE Collaboration will study collisions of lower-mass ions, which are a means of varying the energy density, and protons (both pp and pA), which primarily provide reference data for the nucleus-nucleus collisions. In addition, the pp data will allow for a number of genuine pp physics studies. The detailed design of the different detector systems has been laid down in a number of Technical Design Reports issued between mid-1998 and the end of 2004. The experiment is currently under construction and will be ready for data taking with both proton and heavy-ion beams at the start-up of the LHC. Since the comprehensive information on detector and physics performance was last published in the ALICE Technical Proposal in 1996, the detector, as well as simulation, reconstruction and analysis software have undergone significant development. The Physics Performance Report (PPR) provides an updated and comprehensive summary of the performance of the various ALICE subsystems, including updates to the Technical Design Reports, as appropriate. The PPR is divided into two volumes. Volume I, published in 2004 (CERN/LHCC 2003-049, ALICE Collaboration 2004 J. Phys. G: Nucl. Part. Phys. 30 1517-1763), contains in four chapters a short theoretical overview and an extensive reference list concerning the physics topics of interest to ALICE, the experimental conditions at the LHC, a short summary and update of the subsystem designs, and a description of the offline framework and Monte Carlo event generators. The present volume, Volume II, contains the majority of the information relevant to the physics performance in proton-proton, proton-nucleus, and nucleus-nucleus collisions. Following an introductory overview, Chapter 5 describes the combined detector performance and the event reconstruction procedures, based on detailed simulations of the individual subsystems. Chapter 6 describes the analysis and physics reach for a representative sample of physics observables, from global event characteristics to hard processes

The ALICE Transition Radiation Detector: Construction, operation, and performance

The Transition Radiation Detector (TRD) was designed and built to enhance the capabilities of the ALICE detector at the Large Hadron Collider (LHC). While aimed at providing electron identification and triggering, the TRD also contributes significantly to the track reconstruction and calibration in the central barrel of ALICE. In this paper the design, construction, operation, and performance of this detector are discussed. A pion rejection factor of up to 410 is achieved at a momentum of 1 GeV/c in p-Pb collisions and the resolution at high transverse momentum improves by about 40% when including the TRD information in track reconstruction. The triggering capability is demonstrated both for jet, light nuclei, and electron selection