Papers by Jeunese Payne
Security and usability issues with passwords suggest
a need for a new authentication scheme. Seve... more Security and usability issues with passwords suggest
a need for a new authentication scheme. Several alternatives
involve a physical device or token. We investigate one such
alternative, Pico: an authentication scheme that utilizes multiple
wearable devices. We present the grounded theory results of a
series of semi-structured interviews for exploring perceptions of
this scheme. We found that the idea of carrying physical devices
increases perceived personal responsibility for secure authentication, making the risks and inconvenience associated with loss
and theft salient for participants. Security designers wishing to
challenge the status quo of passwords need to consider how to
reduce the anxiety surrounding responsibility and highlight the
benefits of tangible, token-based authentication schemes.
Lecture Notes in Computer Science, 2014
… of the 25th BCS Conference on …, 2011
Talks by Jeunese Payne
Password strength depends on the password design process and since humans are typically responsib... more Password strength depends on the password design process and since humans are typically responsible for designing their own passwords, password strength is often not that high. This means that we need to look to the human link in the chain of security, which hackers have already cottoned onto, even if security designers have not. We are missing something by not really considering the psychology that guides the password creation process. Attackers that focus on the human side of the human-computer interaction have the most success, and this includes tactics such as phishing, key-logging, and even making educated guesses.
Bad habits in password creation can be observed in password leaks. To help avoid these bad habits, users are typically asked to follow some guidelines and policies that force them to modify their passwords. Unfortunately, these guidelines are often too general, unrealistic, and reveal patterns to the attacker. The common advice for improving passwords is to educate people, even though evidence in psychology suggests that knowledge and attitudes are not the determining factor in behaviour.
People often behave in illogical ways and in ways that are contrary to how they feel or what they know. In general, the attitude-behaviour link is weak, usually due to: qualities of the attitude relative to the behaviour such as whether they are both specific and salient; qualities of the person, such as how much they self-monitor their behaviour, how conscientious they are, or how agreeable they are; and qualities of the situation such as the expectations of others and whether users have the resources to behave in a certain manner. People usually expect some level of consistency between attitudes and behaviour and so it may seem odd that we do not seem willing to follow our own advice.
Presentation of research to M.Prof Games students as an example of experimental design
Conference Presentations by Jeunese Payne
There have been numerous attempts to replace or re-design knowledge-based authentication. Despite... more There have been numerous attempts to replace or re-design knowledge-based authentication. Despite these endeavours, driven by known usability and security weaknesses, traditional password-based systems have remained ubiquitous. Graphical passwords have emerged and re-emerged in different forms as a proposed solution. The broad argument is that such passwords should be easier to remember, easier to use, and more secure. Psychological jargon is often used to justify these claims, but what does the real psychology suggest?
Grants/Awards by Jeunese Payne
Uploads
Papers by Jeunese Payne
a need for a new authentication scheme. Several alternatives
involve a physical device or token. We investigate one such
alternative, Pico: an authentication scheme that utilizes multiple
wearable devices. We present the grounded theory results of a
series of semi-structured interviews for exploring perceptions of
this scheme. We found that the idea of carrying physical devices
increases perceived personal responsibility for secure authentication, making the risks and inconvenience associated with loss
and theft salient for participants. Security designers wishing to
challenge the status quo of passwords need to consider how to
reduce the anxiety surrounding responsibility and highlight the
benefits of tangible, token-based authentication schemes.
Talks by Jeunese Payne
Bad habits in password creation can be observed in password leaks. To help avoid these bad habits, users are typically asked to follow some guidelines and policies that force them to modify their passwords. Unfortunately, these guidelines are often too general, unrealistic, and reveal patterns to the attacker. The common advice for improving passwords is to educate people, even though evidence in psychology suggests that knowledge and attitudes are not the determining factor in behaviour.
People often behave in illogical ways and in ways that are contrary to how they feel or what they know. In general, the attitude-behaviour link is weak, usually due to: qualities of the attitude relative to the behaviour such as whether they are both specific and salient; qualities of the person, such as how much they self-monitor their behaviour, how conscientious they are, or how agreeable they are; and qualities of the situation such as the expectations of others and whether users have the resources to behave in a certain manner. People usually expect some level of consistency between attitudes and behaviour and so it may seem odd that we do not seem willing to follow our own advice.
Conference Presentations by Jeunese Payne
Grants/Awards by Jeunese Payne
a need for a new authentication scheme. Several alternatives
involve a physical device or token. We investigate one such
alternative, Pico: an authentication scheme that utilizes multiple
wearable devices. We present the grounded theory results of a
series of semi-structured interviews for exploring perceptions of
this scheme. We found that the idea of carrying physical devices
increases perceived personal responsibility for secure authentication, making the risks and inconvenience associated with loss
and theft salient for participants. Security designers wishing to
challenge the status quo of passwords need to consider how to
reduce the anxiety surrounding responsibility and highlight the
benefits of tangible, token-based authentication schemes.
Bad habits in password creation can be observed in password leaks. To help avoid these bad habits, users are typically asked to follow some guidelines and policies that force them to modify their passwords. Unfortunately, these guidelines are often too general, unrealistic, and reveal patterns to the attacker. The common advice for improving passwords is to educate people, even though evidence in psychology suggests that knowledge and attitudes are not the determining factor in behaviour.
People often behave in illogical ways and in ways that are contrary to how they feel or what they know. In general, the attitude-behaviour link is weak, usually due to: qualities of the attitude relative to the behaviour such as whether they are both specific and salient; qualities of the person, such as how much they self-monitor their behaviour, how conscientious they are, or how agreeable they are; and qualities of the situation such as the expectations of others and whether users have the resources to behave in a certain manner. People usually expect some level of consistency between attitudes and behaviour and so it may seem odd that we do not seem willing to follow our own advice.