Exploring User-Centered Security Design for Usable Authentication Ceremonies
Matthias Fassl, Lea Theresa Gröber, Katharina Krombholz
Abstract
Security technology often follows a systems design approach that focuses on components instead of users. As a result, the users’ needs and values are not sufficiently addressed, which has implications on security usability. In this paper, we report our lessons learned from applying a user-centered security design process to a well-understood security usability challenge, namely key authentication in secure instant messaging. Users rarely perform these key authentication ceremonies, which makes their end-to-end encrypted communication vulnerable. Our approach includes collaborative design workshops, an expert evaluation, iterative storyboard prototyping, and an online evaluation.
Topics & Concepts
UsabilityComputer scienceUSableAuthentication (law)User-centered designKey (lock)Human-computer interaction in information securityEncryptionStoryboardComputer securityProcess (computing)Human–computer interactionWorld Wide WebMultimediaInformation securitySoftware security assuranceSecurity serviceOperating systemInnovative Human-Technology InteractionUser Authentication and Security SystemsPrivacy, Security, and Data Protection