Codes v. People: A comparative usability study of two password recovery mechanisms

Vlasta Stavova, Vashek Matyas, Mike Just

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

Abstract

Password recovery is a critical, and often overlooked, requirement of account management. Currently popular solutions, such as security questions and out-of-band communications, have recognized security and usability issues. In this paper we evaluate two alternate recovery solutions considered by our industrial partner, using backup codes and trusted people, in order to determine their suitability as a viable password recovery solution. In this paper we focus on the usability evaluation of these two representative recovery methods, and not on the specifics of their design – while our evaluation results do indirectly point to general design enhancements. Our study determined that participants felt that backup codes (implemented as a QR-code in our solution) offer levels of usability and security that are acceptable to users for securing their "ordinary" accounts. For accounts perceived to require more security (e.g., online banking) more security was preferred by participants, resulting in a preference for trusted party recovery compared to backup codes. Our results also suggest that further research and deployment considerations should be given to options for other methods of password recovery, such as backup codes and trusted parties.
Original language: English
Title of host publication: Proceedings of the 10th WISTP International Conference on Information Security Theory and Practice
Publisher: Springer
Publication status: Accepted/In press - 4 Jul 2016
Event: 10th WISTP International Conference on Information Security Theory and Practice - Heraklion, Crete, Greece
Duration: 26 Sep 2016 to 27 Sep 2016
http://www.wistp.org/

Publication series

Name: Lecture Notes in Computer Science
Publisher: Springer
ISSN (Print): 0302-9743

Conference

Conference: 10th WISTP International Conference on Information Security Theory and Practice
Abbreviated title: WISTP 2016
Country: Greece
City: Heraklion, Crete
Period: 26/09/16 to 27/09/16
Internet address

  • Cite this

    Stavova, V., Matyas, V., & Just, M. (Accepted/In press). Codes v. People: A comparative usability study of two password recovery mechanisms. In Proceedings of the 10th WISTP International Conference on Information Security Theory and Practice (Lecture Notes in Computer Science). Springer.