Security technology often follows a systems design approach that focuses on components instead of users. As a result, the users' needs and values are not sufficiently addressed, which has implications on security usability. In this paper, we report our lessons learned from applying a user-centered security design process to a well-understood security usability challenge, namely key authentication in secure instant messaging. Users rarely perform these key authentication ceremonies, which makes their end-to-end encrypted communication vulnerable. Our approach includes collaborative design workshops, an expert evaluation, iterative storyboard prototyping, and an online evaluation.
While we could not demonstrate that our design approach resulted in improved usability or user experience, we found that user-centered prototypes can increase the users' comprehension of security implications. Hence, prototypes based on users' intuitions, needs, and values are useful starting points for approaching long-standing security challenges. Applying complementary design approaches may improve usability and user experience further.
History
Preferred Citation
Matthias Fassl, Lea Gröber and Katharina Krombholz. Exploring User-Centered Security Design for Usable Authentication Ceremonies. In: International Conference on Human Factors in Computing Systems (CHI). 2021.
Primary Research Area
Empirical and Behavioral Security
Name of Conference
International Conference on Human Factors in Computing Systems (CHI)
Legacy Posted Date
2021-01-19
Open Access Type
Unknown
BibTeX
@inproceedings{cispa_all_3342,
title = "Exploring User-Centered Security Design for Usable Authentication Ceremonies",
author = "Fassl, Matthias and Gröber, Lea and Krombholz, Katharina",
booktitle="{International Conference on Human Factors in Computing Systems (CHI)}",
year="2021",
}