Top

Published in:

2011 | OriginalPaper | Chapter

Reconciling Usability and Security: Interaction Design Guidance and Practices for On-Line User Authentication

Author : Michael Lang

Published in: Information Systems Development

Publisher: Springer New York

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Usability and security are often portrayed as though they are competing priorities in information systems development. Given that both are essential to the design of an effective system, it is important that these two prerogatives should be reconciled. In recent years, there is growing concern with the rising incidence of on-line impersonation, theft and other types of fraud. It is therefore important that an information system must have a secure and rigorous way of authenticating a user’s identity. This paper reviews the sources of literature on interactive design guidance for on-line user authentication, and then compares the actual practices of a purposefully selected sample of twelve Websites against the recommendations from the literature. Alarmingly, the findings of this study are that many Websites have user authentication processes which contain basic design flaws that are potentially open to exploitation by Internet criminals.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter A Framework for Optimizing Inter-operating Business Process Portfolio

next chapter A Framework for Intention-Driven Requirements Engineering of Innovative Software Products

Alexander C (1964) Notes on the synthesis of form. Harvard University Press, Cambridge

Baskerville R (1993) Information systems security design methods: implications for information systems development. ACM Comput Surv 25(4):375-414CrossRef

Cranor LF, Garfinkel S (2005) Security and usability: designing secure systems that people can use. O’Reilly Media. ISBN 10: 0-596-00827-9

Data Protection Commissioner (Ireland) (2008) Twentieth annual report of the data protection commissioner. http://www.dataprotection.ie. Accessed 20 Apr 2010

Egger FN (2001) Affective design of e-commerce user interfaces: how to maximise perceived trustworthiness. In: Helander HM et al (eds) Proceedings of the international conference on affective human factors design. Asean Academic Press, London

Fernandez-Buglioni E, Hybertson D, Sommerlad P (2005) Security patterns: integrating security and systems engineering. Wiley, New York

Furnell S (2007) An assessment of website password practices. Comput Secur 26(7–8):445–451CrossRef

Gao H, Liu X, Wang S, Dai R (2009) A new graphical password scheme against spyware by using CAPTCHA. In: Proceedings of the symposium on usable privacy and security (SOUPS), 15–17 July, Mountain View

Halkidis ST, Chatzigeorgiou A, Stephanides G (2006) A qualitative analysis of software security patterns. Comput Secur 25(5):379–392CrossRef

10.

Internet Crime Complaint Centre (2009) Internet crime report. http://www.ic3.gov/media/annualreports.aspx

11.

Keith M, Shao B, Steinbart PJ (2007) The usability of passphrases for authentication: an empirical field study. Int J Hum Comput Stud 65(1):17–28CrossRef

12.

Lang M, Devitt J, Kelly S, Kinneen A, O’Malley J, Prunty D (2009) Social networking and personal data security: a study of attitudes and public awareness in Ireland. In: Proceedings of the international conference on management of e-commerce and e-government (ICMeCG), Nanchang, China, 16–19 Sept. IEEE CompSoc, pp 486–489

13.

Lyardet F, Rossi G, Schwabe D (1999) Discovering and using design patterns in the WWW. Multimedia Tools Appl 8(3):293–308CrossRef

14.

McDermott J, Fox C (1999) Using abuse case models for security requirements analysis. In: Proceedings of 15th annual computer security applications conference (ACSAC’99), Phoenix

15.

Microsoft (2005) Web service security: scenarios, patterns, and implementation guidance for web services enhancements (WSE) 3.0. http://msdn.microsoft.com/en-us/library/aa480569.aspx. Accessed 20 Apr 2010

16.

Muñoz-Arteaga J, González RM, Vanderdonckt J (2008) A classification of security feedback design patterns for interactive web applications. In: Proceedings of 3rd international conference on internet monitoring and protection, IEEE Computer Society, Washington, pp 166–171

17.

Norman D (2009) When security gets in the way. ACM Interact 16(6):60–69CrossRef

18.

Preece J, Rogers Y, Sharp H (2002) Interaction design: beyond human-computer interaction. Wiley, New York

19.

Schneier B (2004) Customers, passwords, and Web sites. IEEE Secur Privacy 2(4):88CrossRef

20.

Sindre G, Opdahl AL (2005) Eliciting security requirements with misuse cases. Req Eng 10(1):34–44CrossRef

21.

Siponen M, Heikka J (2008) Do secure information system design methods provide adequate modeling support? Inf Softw Technol 50(9–10):1035–1053CrossRef

22.

van Duyne DK, Landay JA, Hong JI (2003) The design of sites—patterns, principles and processes for creating a customer-centered web experience. Addison-Wesley. ISBN 020172149X

23.

Vora P (2009) Web application design patterns. Morgan Kaufmann. ISBN 012374265X

24.

Vu K-PL, Proctor RW, Bhargav-Spantzel A, Tai B-L, Cook J, Schultz EE (2007) Improving password security and memorability to protect personal and organizational information. Int J Hum Comput Stud 65(8):744–757CrossRef

25.

Wadlow T, Gorelik V (2009) What can be done to make browsers secure while preserving their usability? Commun ACM 52(5):40–45CrossRef

26.

Yan J, Blackwell A, Anderson R, Grant A (2004) Password memorability and security: empirical results. IEEE Secur Privacy 2(5):25–31CrossRef

27.

Yapp P (2001) Passwords: use and abuse. Comput Fraud Secur 9(1):14–16CrossRef

28.

Yee K-P (2002) User interaction design for secure systems. In: Deng R et al (eds) Information and communications security, LNCS 2513. Springer, New York, pp 278–290

29.

Yoder J, Barcalow J (1997) Architectural patterns for enabling application security. In: Proceedings of 4th conference on pattern languages of programming (PLoP’97), Monticello, 3–5 Sept

30.

Zurko ME, Simon RT (1996) User-centred security. In: Proceedings of new security paradigms workshop, Lake Arrowhead, ACM Press, New York, pp 27–33. ISBN 0-89791-944-0

31.

Zviran M, Haga WJ (1999) Password security: an empirical study. J Manage Inf Syst 15(4):161–185CrossRef

Title: Reconciling Usability and Security: Interaction Design Guidance and Practices for On-Line User Authentication
Author: Michael Lang
Publisher: Springer New York
Book: Information Systems Development
Print ISBN: 978-1-4419-9645-9

Electronic ISBN: 978-1-4419-9790-6

Copyright Year: 2011
DOI: https://doi.org/10.1007/978-1-4419-9790-6_32

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner