Archive for the 'Ideas' Category

Discussion Session: Invisible HCI-SEC: Ways of re-architecting the operating system to increase usability and security

Thursday, July 16th, 2009

Discussion session led by Simson Garfinkel.  Free-form discussion follows.
(there were other sessions, but as I only attended this one, this is the only one I got to blog)
Simson wants to talk about system constraints rather than usability constraints.  In practice, focusing on one to the detriment of the other simply creates an insecurity at [...]

Phishing and OpenID: Bookmarks to the Rescue?

Saturday, January 20th, 2007

OpenID, as currently used for single sign-on, facilitates phishing.
Using OpenID, you can establish an account at any identity provider you like, and then use it to log in to any OpenID-enabled website.  Unfortunately, the way it’s currently deployed, described, and demonstrated, OpenID makes users even more susceptible to phishing than they are without it.  [...]

Rivest’s ThreeBallot Voting System

Friday, September 29th, 2006

Ron Rivest suggests a paper-based voting system called ThreeBallot, which is unusual in that it lets voters verify the integrity of the election from end to end, but doesn’t require computers to do fancy cryptographic operations.  Designers of voting schemes have long desired to enable each voter to ascertain with confidence that their ballot [...]

An Idea: Upending the Password Strength Problem

Friday, July 14th, 2006

I had an idea yesterday evening inspired by Cynthia Kuo’s talk on phrase-based passwords.  Cynthia’s research started with a popular method for choosing memorable passwords and evaluated the strength of passwords created using that method.  And there was a questioner from the audience who noted that, whenever you popularize a particular formula for [...]

How to Manage Passwords and Prevent Phishing

Wednesday, February 8th, 2006

I have an idea about how to solve the phishing problem.  Although proposals to solve phishing are not yet as common as proposals to solve spam, there certainly have been quite a few of them, so you would be right to wonder what makes this proposal any different or any more likely to work.
So, [...]

Dynamic Security Skins

Friday, July 8th, 2005

This paper proposes a scheme called Dynamic Security Skins to combat phishing.
Rachna calls phishing the “ultimate SOUPS problem” because phishers and security designers battle in the user interface, because attacks are rapidly evolving, and because it’s a real-world problem.  Phishers rapidly iterate on HCI designs, exactly as we are taught to do in HCI, [...]

User-Selected PassPoints Images

Thursday, July 7th, 2005

During the talk on PassPoints, it occurred to me that it might be interesting to combine some of those ideas with user-selected images (inspired by the work on Dynamic Security Skins).
One concern that was mentioned about PassPoints was that the images may guide people to commonly choose the same points, leading to guessable passwords.  [...]

The Path of Least Resistance

Thursday, March 17th, 2005

This year I attended South by Southwest for the first time and enjoyed meeting lots of interesting folks.  During a session about decentralized social networks, the panelists mentioned the problem that bloggers (especially beginning bloggers) sometimes post personal information about themselves in public without realizing the risks.  Often they may be unaware of [...]