Psychology of Design (PoD) Laboratory

Human-Centered Cybersecurity

Cybersecurity research and development has mainly focused on technical solutions to increase security. However, the greatest weaknesses of many systems are a poorly designed user interface and limited user knowledge. [ Interactions: Feature (May + June) ]

Improving Authentication:

Instead of viewing users as the inevitable weak point in the authentication process, we propose that authentication interfaces be designed to take advantage of users’ natural abilities. This approach requires that we understand how interactions with authentication interfaces can be improved and what human capabilities can be exploited. This work has resulted in working graphical authentication prototypes (Cain & Still, 2017; Tiller, Angelini, Leibner, & Still, 2019) and associated provisional patents. To begin bridging the gap between research and practice, we have consolidated the recognized usability issues into a list of authentication design guidelines (Still, Cain, & Schuster, 2017). In addition, we have started to explore the over-the-shoulder attack vector, a recognized weakness of next-gen graphical authentication, from a behavioral perspective (e.g., Cain, Werner, & Still, 2017; Cain, Chiu, Santiago, & Still, 2016). Recently, we have started exploring the impact authentication schemes have on our limited working memory resources (Still & Cain, 2019).

Understanding User Knowledge:

Cybersecurity breaches are highly publicized, so most end users are aware that they are at risk, but they do not know how to follow best practices. They often lack an understanding of the necessary cybersecurity actions, and this can underlie inappropriate attitudes and behaviors. We recently surveyed users’ cyber hygiene knowledge about a wide variety of topics (Cain, Edwards, & Still, 2018). For instance, users report the following about their passwords:
• 85% used personal information
• 46% used dictionary words
• 50% used the same password for multiple accounts
• 59% do not change their password
• 95% share their password with others

Top Ten Cyber Hygiene Best Practices (slide deck)

©2019