The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.02 - March/April (2008 vol.6)
pp: 24-29
Rachna Dhamija , Harvard University
Lisa Dusseault , CommerceNet
ABSTRACT
Identity management systems' scale and complexity, combined with the privacy and security requirements demanded of them, create steep challenges for usability. In this article, the authors posit seven flaws or design challenges that must be met for the general public to accept and use identity management systems.
INDEX TERMS
usability, identity management, privacy
CITATION
Rachna Dhamija, Lisa Dusseault, "The Seven Flaws of Identity Management: Usability and Security Challenges", IEEE Security & Privacy, vol.6, no. 2, pp. 24-29, March/April 2008, doi:10.1109/MSP.2008.49
REFERENCES
1. A. Acquisti and J. Grossklags, "Privacy and Rationality in Decision Making," IEEE Security &Privacy, vol. 3, no. 1, 2005, pp. 26–33.
2. B. Fitzpatrick and D. Recordon, "Thoughts on the Social Graph;" http://bradfitz.comsocial-graph-problem/.
3. A. Adams and M.A. Sasse, "Users Are Not the Enemy: Why Users Compromise Security Mechanisms and How to Take Remedial Measures," Comm. ACM, vol. 42, no. 12, 1999, pp. 40–46.
4. R. Dhamija, J.D. Tygar, and M. Hearst, "Why Phishing Works," Proc. Conf. Human Factors in Computing Systems (CHI 06), ACM Press, 2006, pp. 581–590.
5. McAfee-NCSA Online Safety Study, Oct. 2007; www.staysafeonline.info/newsamericanslackprotection.html .
6. AOL/NCSA Online Safety Study, Dec. 2005; www.staysafeonline.info/pdfsafety_study_2005.pdf .
7. D. Florencio and C. Herley, "A Large Scale Study of Web Password Habits," Proc. Int'l Word Wide Web Conf. (WWW 07), ACM Press, 2007, pp. 657–665.
8. R. Dhamija and A. Perrig, "DéjàVu: A User Study—Using Images for Authentication," Proc. 9th Usenix Security Symp., Usenix Assoc., 2000, pp. 45–58.
9. B.M. Gross and E.F. Churchill, "Addressing Constraints: Multiple Usernames Task Spillage and Notions of Identity," Proc. Conf. Human Factors in Computing Systems: Extended Abstracts (CHI 07), ACM Press, 2007, pp. 2393–2398.
10. K. Cameron, "Laws of Identity," blog, May 2005; ww.identityblog.com/stories/2004/12/09thelaws.html .
11. E. Maler, "r-e-s-p-e-c-t," blog, 19 June 2006; www.xmlgrrl.com/blog/archives/2006/06/19 r-e-s-p-e-c-t/.
12. N. Good et al., "Stopping Spyware at the Gate: A User Study of Privacy, Notice, and Spyware," Proc. Symp. Usable Privacy and Security (SOUPS 05), ACM Press, 2005, pp. 43–52.
13. J. Grossklags and N. Good, "Empirical Studies on Software Notices to Inform Policy Makers and Usability Designers," Proc. Usable Security (USEC 07), Lecture Notes in Computer Science, Springer, 2007.
14. M.S. Wogalter and W.J. Vigilante, "Attention Switch and Maintenance," Handbook of Warnings, M.S. Wogalter, ed., Lawrence Erlbaum Assoc., 2006, pp. 245–265.
15. D.A. Norman, Design Rules Based on Analyses of Human Error," Comm. ACM, vol. 26, no. 4, 1983, pp. 254–258.
16. B. Schwartz, "The Tyranny of Choice," Scientific Am., Apr. 2004, pp. 71–75.
17. S. Schechter et al., "The Emperor's New Security Indicators," Proc. IEEE Symp. Security and Privacy, IEEE CS Press, 2007, pp. 51–65.
18. J. Franks et al., "RFC2617: HTTP Authentication: Basic and Digest Access Authentication," June 1999; www.ietf.org/rfcrfc2617.txt.
19. Privacy Rights Clearinghouse, Chronology of Data Breaches, www.privacyrights.org/arChronDataBreaches.htm .
20. R. Stern, "What Happened in Vegas…," Phoenix New Times,31 May 2007; www.phoenixnewtimes.com/2007-05-31/news/ what-happened-in-vegasfull.
5 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool