ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Password sharing: implications for security design based on social practice
Full text PdfPdf (119 KB)
Source
Conference on Human Factors in Computing Systems archive
Proceedings of the SIGCHI conference on Human factors in computing systems table of contents
San Jose, California, USA
SESSION: Security table of contents
Pages: 895 - 904  
Year of Publication: 2007
ISBN:978-1-59593-593-9
Authors
Supriya Singh  RMIT University, Melbourne, Australia
Anuja Cabraal  RMIT University, Melbourne, Australia
Catherine Demosthenous  Griffith University, Brisbane, Australia
Gunela Astbrink  GSA Information Consulants, Brisbane, Australia
Michele Furlong  GSA Information Consulants, Brisbane, Australia
Sponsors
ACM: Association for Computing Machinery
SIGCHI: ACM Special Interest Group on Computer-Human Interaction
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 26,   Downloads (12 Months): 261,   Citation Count: 0
Additional Information:

abstract   references   index terms   collaborative colleagues  

Tools and Actions: Review this Article  
Save this Article to a Binder    Display Formats: BibTex  EndNote ACM Ref   
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1240624.1240759
What is a DOI?

ABSTRACT

Current systems for banking authentication require that customers not reveal their access codes, even to members of the family. A study of banking and security in Australia shows that the practice of sharing passwords does not conform to this requirement. For married and de facto couples, password sharing is seen as a practical way of managing money and a demonstration of trust. Sharing Personal Identification Numbers (PINs) is a common practice among remote indigenous communities in Australia. In areas with poor banking access, this is the only way to access cash. People with certain disabilities have to share passwords with carers, and PIN numbers with retail clerks. In this paper we present the findings of a qualitative user study of banking and money management. We suggest design criteria for banking security systems, based on observed social and cultural practices of password and PIN number sharing.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Ackerman, M.S. The intellectual challenge of CSCW: The gap between social requirements and technical feasibility. in Carroll, J.M. ed. Human-Computer Interaction in the New Millennium, ACM Press, New York, 2002, 303--324.
2
Anne Adams , Martina Angela Sasse, Users are not the enemy, Communications of the ACM, v.42 n.12, p.40-46, Dec. 1999  [doi>10.1145/322796.322806]
 
3
Philip E. Agre, Introduction, Technology and privacy: the new landscape, MIT Press, Cambridge, MA, 1997
 
4
Australian Bankers' Association Inc. Stay safe online: ABA supports the e-security awareness week, Australian Bankers' Association Inc, 2006.
 
5
Australian Securities and Investment Commission. Electronic Funds Transfer Code of Conduct: As revised by the Australian Securities & Investments Commission's EFT Working Group, Australian Securities and Investment Commission, Sydney, 2002.
 
6
Barr, T., Knowles, A. and Moore, S. Taking users up the value chain: Australian Internet research, Smart Internet Technology Cooperative Research Centre, Melbourne, 2004, 89.
 
7
Birdsall, C. All in the family. in Keen, I. ed. Being Black: Aboriginal cultures in 'settled' Australia, Aboriginal Studies Press for the Australian Institute of Aboriginal Studies, Canberra, 1994, 137--158.
 
8
Bishop, M. Psychological acceptability revisited. in Cranor, L.F. and Garfinkel, S. eds. Security and Usability: Designing Secure Systems that People Can Use, O'Reilly, Sebastopol, CA, 2005, 1--11.
 
9
Bollier, D. The future of electronic commerce: A report of the Fourth Annual Aspen Institute Roundtable on Information Technology, The Aspen Institute, Aspen, Colorado, 1996.
 
10
Buchanan, R. Banking tips and tricks. Link, 15 (2). 3--5.
 
11
Cranor, L.F. and Garfinkel, S. Preface. in Cranor, L.F. and Garfinkel, S. eds. Security and Usability: Designing Secure Systems that People Can Use, O'Reilly, Sebastopol, CA, 2005, ix--xviii.
 
12
Rachna Dhamija , Adrian Perrig, Déjà Vu: a user study using images for authentication, Proceedings of the 9th conference on USENIX Security Symposium, p.4-4, August 14-17, 2000, Denver, Colorado
 
13
D'Hertefelt, S. Trust and the perception of security, 2000.
 
14
Paul Dourish , E. Grinter , Jessica Delgado de la Flor , Melissa Joseph, Security in the wild: user strategies for managing security as an everyday, practical problem, Personal and Ubiquitous Computing, v.8 n.6, p.391-401, November 2004  [doi>10.1007/s00779-004-0308-5]
 
15
Margaret Bruce , Malcolm Peltu , William H. Dutton, Society on the Line: Information Politics in the Digital Age, Oxford University Press, 1999
 
16
Erickson, T. and Kellogg, W.A. Social translucence: Designing systems that support social processes. in Carroll, J.M. ed. Human-Computer Interaction in the New Millennium, ACM Press, New York, 2002, 325--345.
17
Batya Friedman , Jonathan Grudin, Trust and accountability: preserving human values in interactional experience, CHI 98 conference summary on Human factors in computing systems, p.213, April 18-23, 1998, Los Angeles, California, United States  [doi>10.1145/286498.286699]
18
Shirley Gaw , Edward W. Felten , Patricia Fernandez-Kelly, Secrecy, flagging, and paranoia: adoption criteria in encrypted email, Proceedings of the SIGCHI conference on Human Factors in computing systems, April 22-27, 2006, Montréal, Québec, Canada  [doi>10.1145/1124772.1124862]
 
19
Glaser, B.G. and Strauss, A.L. The discovery of grounded theory: Strategies for qualitative research. Aldine, Chicago, 1967.
 
20
Haythornthwaite, C. and Wellman, B. The Internet in Everyday Life: An Introduction. in Wellman, B. and Haythornthwaite, C. eds. The Internet in Everyday Life, Blackwell Publishing, Oxford, 2002, 3--41.
 
21
Hsiao, R.-L. Technology fears: distrust and cultural persistence in electronic marketplace adoption. The Journal of Strategic Information Systems, 12 (3). 169--199.
 
22
Clare-Marie Karat , John Karat , Carolyn Brodie, Editorial: why HCI research in privacy and security is critical now, International Journal of Human-Computer Studies, v.63 n.1-2, p.1-4, July 2005  [doi>10.1016/j.ijhcs.2005 04.016]
 
23
Lee, J. and Allaway, A. Effects of personal control on adoption of self-service technology innovations. Journal of Services Marketing, 16 (6). 553--572.
 
24
Chang Liu , Jack T. Marchewka , June Lu , Chun-Sheng Yu, Beyond concern: a privacy-trust-behavioral intention model of electronic commerce, Information and Management, v.42 n.1, p.127-142, December 2004  [doi>10.1016/j.im.2004.01.002]
 
25
Luhmann, N. Familiarity, confidence, trust: problems and alternatives. in Gambetta, D. ed. Trust: Making and Breaking Cooperative Relations, Basil Blackwell, New York, 1988, 94--107.
 
26
Miller, D. and Slater, D. The Internet: An ethnographic approach. Berg, Oxford, 2000.
 
27
Mills, E. Taking passwords to the grave, CNET News.com, 2006, September 22.
 
28
Morse, J.M. and Richards, L. Readme First for a User's Guide to Qualitative Methods. Sage Publications, Thousand Oaks, Calif., 2002.
 
29
Noonan, T. Accessible e-commerce in Australia: A discussion paper about the effects of electronic commerce developments on people with disabilities, 1999.
 
30
Donald A. Norman, The invisible computer, MIT Press, Cambridge, MA, 1998
31
Judith S. Olson , Jonathan Grudin , Eric Horvitz, A study of preferences for sharing and privacy, CHI '05 extended abstracts on Human factors in computing systems, April 02-07, 2005, Portland, OR, USA  [doi>10.1145/1056808.1057073]
32
Leysia Palen , Paul Dourish, Unpacking "privacy" for a networked world, Proceedings of the SIGCHI conference on Human factors in computing systems, April 05-10, 2003, Ft. Lauderdale, Florida, USA  [doi>10.1145/642611.642635]
 
33
Renaud, K. Evaluating authentication mechanisms. in Cranor, L.F. and Garfinkel, S. eds. Security and Usability: Designing Secure Systems that People Can Use, O'Reilly, Sebastopol, CA, 2005, 103--128.
 
34
Renouf, G. Bookup -- some consumer problems. A report for ASIC, 2002.
 
35
Sasse, M.A. and Flechais, I. Usable security: Why do we need it? How do we get it? in Cranor, L.F. and Garfinkel, S. eds. Security and Usability: Designing Secure Systems that People Can Use, O'Reilly, Sebastopol, CA, 2005, 13--30.
 
36
Schneier, B. Applied Cryptography. John Wiley & Sons, New York, 1996.
 
37
Bruce Schneier, Secrets & Lies: Digital Security in a Networked World, John Wiley & Sons, Inc., New York, NY, 2000
 
38
Senior, K., Perkins, D. and Bern, J. Variation in material wellbeing in a welfare based economy, South East Arnhem Land Collaborative Research Project, University of Wollongong, Wollongong, 2002.
 
39
Singh, S. Marriage money: the social shaping of money in marriage and banking. Allen & Unwin, St. Leonards, NSW, 1997.
 
40
Singh, S. and Cassar-Bartolo, K., The privacy of money and health. in OZCHI, (Wollongong, 2004).
 
41
Singh, S., Jackson, M., Beekhuyzen, J. and Cabraal, A., The Bank and I: Privacy, Banking and Life Stage. in CHI2006 Workshop on Privacy-Enhanced Personalization, (Montreal, Canada, 2006), National Science Foundation, 74--82.
 
42
Singh, S. and Slegers, C. Trust and electronic money, Centre for International Research on Communication and Information Technologies, Melbourne, 1997.
 
43
Suh, B. and Han, I. Effect of trust on customer acceptance of Internet banking. Electronic Commerce Research and Applications, 1 (3-4). 247--263.
 
44
Tognazzini, B. Design for usability. in Cranor, L.F. and Garfinkel, S. eds. Security and Usability: Designing Secure Systems that People Can Use, O'Reilly, Sebastopol, CA, 2005, 31--46.
 
45
Westpac Banking Corporation. Internet Banking Terms and Conditions, Sydney, 2006.
 
46
Ka-Ping Yee, Aligning Security and Usability, IEEE Security and Privacy, v.2 n.5, p.48-55, September 2004  [doi>10.1109/MSP.2004.64]
 
47
Zelizer, V. The social meaning of money. Basic Books, New York, 1994.

INDEX TERMS

Primary Classification:
  K. Computing Milieux
  K.4 COMPUTERS AND SOCIETY
      K.4.2 Social Issues

Additional Classification:
  H. Information Systems
  H.5 INFORMATION INTERFACES AND PRESENTATION (I.7)
      H.5.m Miscellaneous


General Terms:
Human Factors, Security


Keywords:
Australia, UCD, banking, security, sharing passwords, social and cultural centered design

Collaborative Colleagues:
Supriya Singh: colleagues
Anuja Cabraal: colleagues
Catherine Demosthenous: colleagues
Gunela Astbrink: colleagues
Michele Furlong: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2008 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player