In 2014, we launched our open-access repository which offers full text access to conference proceedings from many of our events including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).
European Information Security Multi-Conference (EISMC 2013)
Title: Contextualized Security Interventions in Password Transmission Scenarios
Author(s): Melanie Volkamer, Steffen Bartsch, Michaela Kauer
Keywords: Security intervention, human aspects, contextualized, https, secure password transmission, intervention strategy, threats, consequences, risks.
Abstract: Usable security user studies as well as the number of successful attacks on end users' data and devices show that today's security interventions like the green URL bar and self-signed certificate warnings do not protect end users effectively for many reasons. To improve the situation, we proposed the Framework fOr Contextualized security Interventions (FOCI). While this framework provides general guidelines on how to develop contextualized security interventions, this is the first paper in which this framework is applied to actually develop adequate security intervention strategies and intervention content. We focus on a subset of security- and privacy-critical scenarios in the context of web applications - namely those in which users visit web pages containing a password field. If either the communication is not confidential and authenticated or the service behind the web page is not trustworthy, entering a password can have consequences like financial loss and privacy leakage, in particular for users reusing their passwords for several different web pages. Therefore, it is important to provide effective security interventions for these scenarios.
How to get this paper:
A PDF copy of this paper is free to download. You may distribute this copy provided you cite this page as the source.