
The Emperor's New Security Indicators


Abstract

We evaluate website authentication measures that are designed to protect users from man-in-the-middle, "phishing", and other site forgery attacks. We asked 67 bank customers to conduct common online banking tasks. Each time they logged in, we presented increasingly alarming clues that their connection was insecure. First, we removed HTTPS indicators. Next, we removed the participant's site-authentication image (the customer-selected image that many websites now expect their users to verify before entering their passwords). Finally, we replaced the bank's password-entry page with a warning page. After each clue, we determined whether participants entered their passwords or withheld them. We also investigate how a study's design affects participant behavior: we asked some participants to play a role and others to use their own accounts and passwords. We also presented some participants with security-focused instructions. We confirm prior findings that users ignore HTTPS indicators: no participants withheld their passwords when these indicators were removed. We present the first empirical investigation of site-authentication images, and we find them to be ineffective: even when we removed them, 23 of the 25 (92%) participants who used their own accounts entered their passwords. We also contribute the first empirical evidence that role playing affects participants' security behavior: role-playing participants behaved significantly less securely than those using their own passwords.
