Abstract
PINs have been around for half a century and many insecure PIN-related practices are used. We attempted to mitigate by developing two new PIN memorial assistance mechanisms that we tested in an online study. We were not able to show an improvement in memorability, mostly because people did not use the memorial aids. We realised that a greater insight into PIN Management mental models was needed, in order the better to formulate mitigation approaches. We proceeded to study PIN-related mental models, and we present our findings in this paper. The insights we gained convinced us that security researchers should not presume that people want, or need, our advice or help in any security context; they might well prefer to continue with their usual trusted practices. Yet advice should indeed still be offered, for those who do want it, and we make some suggestions about what this advice should look like in the PIN context.
Original language | English |
---|---|
Pages | 18-23 |
Number of pages | 6 |
DOIs | |
Publication status | Published - 21 Oct 2015 |
Event | 2015 World Congress on Internet Security (WorldCIS) - Dublin, Ireland Duration: 19 Oct 2015 → 21 Oct 2015 |
Conference
Conference | 2015 World Congress on Internet Security (WorldCIS) |
---|---|
Country/Territory | Ireland |
City | Dublin |
Period | 19/10/15 → 21/10/15 |
Keywords
- PIN management
- mental models
- security research