Fraunhofer-Gesellschaft

Publica

Here you will find scientific publications from the Fraunhofer Institutes.

"If you want, I can store the encrypted password". A Password-Storage Field Study with Freelance Developers

 
Naiakshina, A.; Danilova, A.; Gerlitz, E.; Zezschwitz, E. von; Smith, M.

Brewster, Stephen (General Chair); Association for Computing Machinery -ACM-:
CHI 2019, Conference on Human Factors in Computing Systems. Proceedings : May 4-9, 2019, Glasgow, Scotland UK; Weaving the Threads of CHI
New York: ACM, 2019
ISBN: 978-1-4503-5970-2
Art. 140, 12 pp.
Conference on Human Factors in Computing Systems (CHI) <2019, Glasgow>
European Research Council ERC
678341
English
Conference Paper
Fraunhofer FKIE

Abstract
In 2017 and 2018, Naiakshina et al. [21, 22] studied in a lab setting whether computer science students need to be told to write code that stores passwords securely. The authors' results showed that, without explicit prompting, none of the students implemented secure password storage. When asked about this oversight, a common answer was that they would have implemented secure storage - if they were creating code for a company. To shed light on this possible confusion, we conducted a mixed-methods field study with developers. We hired freelance developers online and gave them a similar password storage task followed by a questionnaire to gain additional insights into their work. From our research, we offer two contributions. First of all, we reveal that, similar to the students, freelancers do not store passwords securely unless prompted, they have misconceptions about secure password storage, and they use outdated methods. Secondly, we discuss the methodological implications of using freelancers and students in developer studies.

http://publica.fraunhofer.de/documents/N-569179.html