Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Deception Task Design in Developer Password Studies: Exploring a Student Sample

: Naiakshina, Alena; Danilova, Anastasia; Tiefenau, Christian; Smith, Matthew

Fulltext (PDF; )

USENIX Association:
Fourteenth Symposium on Usable Privacy and Security, SOUPS 2018. Proceedings : August 12-14, 2018, Baltimore, MD, USA
Berkeley, CA, USA: USENIX, 2018
ISBN: 978-1-931971-45-4
Symposium on Usable Privacy and Security (SOUPS) <14, 2018, Baltimore/Md.>
Conference Paper, Electronic Publication
Fraunhofer FKIE ()

Studying developer behavior is a hot topic for usable security researchers. While the usable security community has ample experience and best-practice knowledge concerning the design of end-user studies, such knowledge is still lacking for developer studies. We know from end-user studies that task design and framing can have significant effects on the outcome of the study. To offer initial insights into these effects for developer research, we extended our previous password storage study [42]. We did so to examine the effects of deception studies with regard to developers. Our results show that there is a huge effect - only 2 out of the 20 non-primed participants even attempted a secure solution, as compared to the 14 out of 20 for the primed participants. In this paper, we will discuss the duration of the task and contrast qualitative vs. quantitative research methods for future developer studies. In addition to these methodological contributions, we also provide further insights into why developers store passwords insecurely.