Forcing Johnny to login safely: Long-term user study of forcing and training login mechanisms

Amir Herzberg; Ronen Margulies

doi:10.1007/978-3-642-23822-2_25

Forcing Johnny to login safely: Long-term user study of forcing and training login mechanisms

Amir Herzberg, Ronen Margulies

Department of Computer Science

Bar-Ilan University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

11 Scopus citations

Abstract

We present the results of the first long-term user study of site-based login mechanisms which force and train users to login safely. We found that interactive site-identifying images received 70% detection rates, which is significantly better than passive indicators' results [15,8,12]. We also found that login bookmarks, when used together with 'non-working' links, doubled the prevention rates of reaching spoofed login pages in the first place. Combining these mechanism provides effective prevention and detection of phishing attacks, and when several images are displayed in the login page, the best detection rates (82%) and overall resistance rates (93%) are achieved. We also introduce the notion of negative training functions, which train users not to take dangerous actions by experiencing failure when taking them.

Original language	English
Title of host publication	Computer Security, ESORICS 2011 - 16th European Symposium on Research in Computer Security, Proceedings
Publisher	Springer Verlag
Pages	452-471
Number of pages	20
ISBN (Print)	9783642238215
DOIs	https://doi.org/10.1007/978-3-642-23822-2_25
State	Published - 2011
Event	16th European Symposium on Research in Computer Security, ESORICS 2011 - Leuven, Belgium Duration: 12 Sep 2011 → 14 Sep 2011

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	6879 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	16th European Symposium on Research in Computer Security, ESORICS 2011
Country/Territory	Belgium
City	Leuven
Period	12/09/11 → 14/09/11

Access to Document

10.1007/978-3-642-23822-2_25

Cite this

Herzberg, A., & Margulies, R. (2011). Forcing Johnny to login safely: Long-term user study of forcing and training login mechanisms. In Computer Security, ESORICS 2011 - 16th European Symposium on Research in Computer Security, Proceedings (pp. 452-471). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6879 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-642-23822-2_25

Herzberg, Amir ; Margulies, Ronen. / Forcing Johnny to login safely : Long-term user study of forcing and training login mechanisms. Computer Security, ESORICS 2011 - 16th European Symposium on Research in Computer Security, Proceedings. Springer Verlag, 2011. pp. 452-471 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{dd154e9c18d849c4adbdb1c17c9ff082,

title = "Forcing Johnny to login safely: Long-term user study of forcing and training login mechanisms",

abstract = "We present the results of the first long-term user study of site-based login mechanisms which force and train users to login safely. We found that interactive site-identifying images received 70% detection rates, which is significantly better than passive indicators' results [15,8,12]. We also found that login bookmarks, when used together with 'non-working' links, doubled the prevention rates of reaching spoofed login pages in the first place. Combining these mechanism provides effective prevention and detection of phishing attacks, and when several images are displayed in the login page, the best detection rates (82%) and overall resistance rates (93%) are achieved. We also introduce the notion of negative training functions, which train users not to take dangerous actions by experiencing failure when taking them.",

author = "Amir Herzberg and Ronen Margulies",

year = "2011",

doi = "10.1007/978-3-642-23822-2_25",

language = "אנגלית",

isbn = "9783642238215",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "452--471",

booktitle = "Computer Security, ESORICS 2011 - 16th European Symposium on Research in Computer Security, Proceedings",

address = "גרמניה",

note = "16th European Symposium on Research in Computer Security, ESORICS 2011 ; Conference date: 12-09-2011 Through 14-09-2011",

}

Herzberg, A & Margulies, R 2011, Forcing Johnny to login safely: Long-term user study of forcing and training login mechanisms. in Computer Security, ESORICS 2011 - 16th European Symposium on Research in Computer Security, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 6879 LNCS, Springer Verlag, pp. 452-471, 16th European Symposium on Research in Computer Security, ESORICS 2011, Leuven, Belgium, 12/09/11. https://doi.org/10.1007/978-3-642-23822-2_25

Forcing Johnny to login safely: Long-term user study of forcing and training login mechanisms. / Herzberg, Amir; Margulies, Ronen.
Computer Security, ESORICS 2011 - 16th European Symposium on Research in Computer Security, Proceedings. Springer Verlag, 2011. p. 452-471 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6879 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Forcing Johnny to login safely

T2 - 16th European Symposium on Research in Computer Security, ESORICS 2011

AU - Herzberg, Amir

AU - Margulies, Ronen

PY - 2011

Y1 - 2011

N2 - We present the results of the first long-term user study of site-based login mechanisms which force and train users to login safely. We found that interactive site-identifying images received 70% detection rates, which is significantly better than passive indicators' results [15,8,12]. We also found that login bookmarks, when used together with 'non-working' links, doubled the prevention rates of reaching spoofed login pages in the first place. Combining these mechanism provides effective prevention and detection of phishing attacks, and when several images are displayed in the login page, the best detection rates (82%) and overall resistance rates (93%) are achieved. We also introduce the notion of negative training functions, which train users not to take dangerous actions by experiencing failure when taking them.

AB - We present the results of the first long-term user study of site-based login mechanisms which force and train users to login safely. We found that interactive site-identifying images received 70% detection rates, which is significantly better than passive indicators' results [15,8,12]. We also found that login bookmarks, when used together with 'non-working' links, doubled the prevention rates of reaching spoofed login pages in the first place. Combining these mechanism provides effective prevention and detection of phishing attacks, and when several images are displayed in the login page, the best detection rates (82%) and overall resistance rates (93%) are achieved. We also introduce the notion of negative training functions, which train users not to take dangerous actions by experiencing failure when taking them.

UR - http://www.scopus.com/inward/record.url?scp=80053013660&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-23822-2_25

DO - 10.1007/978-3-642-23822-2_25

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:80053013660

SN - 9783642238215

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 452

EP - 471

BT - Computer Security, ESORICS 2011 - 16th European Symposium on Research in Computer Security, Proceedings

PB - Springer Verlag

Y2 - 12 September 2011 through 14 September 2011

ER -

Herzberg A, Margulies R. Forcing Johnny to login safely: Long-term user study of forcing and training login mechanisms. In Computer Security, ESORICS 2011 - 16th European Symposium on Research in Computer Security, Proceedings. Springer Verlag. 2011. p. 452-471. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-642-23822-2_25

Forcing Johnny to login safely: Long-term user study of forcing and training login mechanisms

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this