Upload
others
View
3
Download
0
Embed Size (px)
Citation preview
Effect of Mood, Location, Trust, and Presence of Others on Video-Based Social Authentication
Cheng Guo, Brianne Campbell, Apu Kapadia, Michael K. Reiter, and Kelly Caine
August 11 – 13, 2021
• Video-based social authentication is feasible within a small group of people who know and trust each other well
• Future video-based social authentication systems should integrate mood and locationdetection
Video-based Social Authentication
Fallback authentication utilize video chats with social networks
Passwords are easy to forget
1. Abbas Moallem. Did you forget your password? In International Conference of Design, User Experience, and Usability, pages 29–39. Springer, 2011.
Nearly three-quarters of people report they often or sometimes forget a password1
84% of users forget a password at least once a year2
2. Gigya, Inc. Survey guide: Businesses should begin preparing for the death of the password, 2016
Fallback authentications needed!
So how to recover your accounts?
Implications: Use Mood and Location Detection
Security Questions
Implications: Use Mood and Location Detection
Problems withSecurity Questions
About 33% of answers can be guessed by those who are close to the users1
Nearly 40% can be guessed by parents, partners, close friends, etc.2
It is nearly impossible to design security questions that are both secureand memorable.3
1. Moshe Zviran and William J Haga. User authentication by cognitive passwords: an empirical assessment. In Proceedings of the 5th Jerusalem Conference on Information Technology, 1990.’Next Decade in Information Technology’, pages 137–144. IEEE, 1990.2. John Podd, Julie Bunnell, and Ron Henderson. Cost-effective computer security: Cognitive and associative passwords. In Proceedings Sixth Australian Conference on Computer-Human Interaction, pages 304– 305. IEEE, 1996.3. Joseph Bonneau, Elie Bursztein, Ilan Caron, Rob Jackson, and Mike Williamson. Secrets, lies, and account recovery: Lessons from the use of personal knowledge questions at Google. In Proceedings of the 24th International Conference on World Wide Web, pages 141–150, 2015.
Implications: Use Mood and Location Detection
Out-of-bandAuthentication
Joseph Bonneau, Elie Bursztein, Ilan Caron, Rob Jackson, and Mike Williamson. Secrets, lies, and account recovery: Lessons from the use of personal knowledge questions at Google. In Proceedings of the 24th International Conference on World Wide Web, pages 141–150, 2015.
Implications: Use Mood and Location Detection
Paul A Grassi, Michael E Garcia, and James L Fenton. Digital identity guidelines. NIST special publication, 800:63–3, 2017
Social authentication has shown to be promising!
New forms of fallback authenticationare needed!
Use Video as a Form Of Authentication - Device Notarization1
Alana Libonati, Kelly Caine, Apu Kapadia, and Michael K Reiter. Defending against device theft with human notarization. In 10th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing, pages 8–17. IEEE, 2014.
Device Notarization
A Four-week-long Experience Sampling Study
30 participants (43% female)
Five groups (combination of strangers and people they knew)
Two or three questionaries via SMS per day (72 in total; 36 for initiate, 36 for help)
Participants were instructed about the video-based social authentication and to provide perceived willingness to use such authentication
Questionnaires – Initiate prompt
Questionnaires – Help prompt
Questionnaire measurements
Agree or decline the prompt
Reasons to agree or decline
Mood (Brief Mood Introspection Scale, four-point Likert)
Location
Presence of others
Logistic regressions with repeated measures
What did we find?
Mood matters
Initiate Help
p < .001 p < .001
“Implications: Use Mood and Location Detection
I’m grumpy in the morning, and I don’t think I would be very enjoyable to video chat with right now. - P25
Location matters
Initiate Help
Overall effect: p = .002At work vs. At home: p = .001
Driving a vehicle vs. At home: p < .001
Overall effect: p < .001At work vs. At home: p = .001
Driving a vehicle vs. At home: p < .001
Presence of others matters
Initiate Help
Overall effect: p = .008Strangers vs. Alone: p = .002
Overall effect: p < .001People I know vs. Alone: p < .001
Strangers vs. Alone: p = .002
“Implications: Use Mood and Location Detection
Sometimes I did not have the flexibility or availabilityto verify anyone in my network right when they needed me. I was often in meetings, driving in my car, or coaching hockey for my children. - P25
Use mood and location detection!
What can we do?
Trust matters
Help
Overall effect: p < .001
“Implications: Use Mood and Location Detection
Only because it’s Alice. - P19
… if I cannot get access to the app and my family or friendscan help me out. - P4
Use video-based social authentication in a small group of people who know and trust each other well!
What’s next?
Thank You!
August 11 – 13, 2021
This material is based upon work supported in part by the US National Science Foundation awards CNS-1228364, CNS-1228471.Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the sponsors.
Cheng [email protected]
Brianne [email protected]
Michael K. [email protected]
Kelly [email protected]