HCI research published 10 years ago pointed out that many users cannot cope with the number and complexity of passwords, and resort to insecure workarounds as a consequence. We present a study which re-examined password policies and password practice in the workplace today. 32 staff members in two organisations kept a password diary for 1 week, which produced a sample of 196 passwords. The diary was followed by an interview which covered details of each password, in its context of use. We find that users are in general concerned to maintain security, but that existing security policies are too inflexible to match their capabilities, and the tasks and contexts in which they operate. As a result, these password policies can place demands on users which impact negatively on their productivity and, ultimately, that of the organisation. We conclude that, rather than focussing password policies on maximizing password strength and enforcing frequency alone, policies should be designed using HCI principles to help the user to set an appropriately strong password in a specific context of use.
Traditional Personal Identification Numbers (PINs) are widely used, but the attacks in which they are captured have been increasing. One-time PINs offer better security, but potentially create greater workload for users. In this paper, we present an independent evaluation of a commercial system that makes PINs more resistant to observation attacks by using graphical passwords on a grid to generate a one-time PIN. 83 participants were asked to register with the system and log in at varying intervals. The successful login rate was approximately 91% after 3-4 days, and 97% after 9-10 days. Twenty-five participants were retested after two years, and 27% of those were able to recall their pattern. We recorded 17 instances of failed attempts, and found that even though participants recalled the general shape of the pass-pattern in 13 of these instances, they could not recall its detailed location or sequence of cells. We conclude that GrIDsure is usable if people have one pass-pattern, but the level of security will depend on the context of use (it will work best in scenarios where repeated observations of transactions are unlikely), and the instructions given to users (without guidance, they are likely to choose from a small subset of the possible patterns which are easily guessed).
Novel technologies such as quantum computing present new opportunities to support societal needs, but societal engagement is vital to secure public trust. Quantum computing technologies are at a pivotal point in their journey from foundational research to deployment, creating a moment for society to investigate, reflect, and consult on their implications. Responsible Innovation (RI) is one method for considering impacts, engaging with societal needs, reflecting on any concerns, and influencing the trajectory of the innovation in response. This paper draws on the empirical work of the RI team embedded in the Networked Quantum Information Technologies Hub. The team investigated researchers' perceptions of RI and their understanding of societal impacts of quantum technologies, and sought to gauge the challenges of embedding RI across a multi-disciplinary, large-scale enterprise such as the UK quantum programme. The work demonstrated some of the difficulties involved in embedding RI approaches, and in creating a dialogue between innovators and societies. Finally, the authors offer recommendations to policymakers, researchers, and industrial organisations, for better practice in responsible quantum computing, and to ensure that societal considerations are discussed alongside commercial motivations. Applying RI to quantum computing at this pivotal point has implications for RI in other emerging technologies.