Deception Task Design in Developer Password Studies: Exploring a Student Sample
Authors: Alena Naiakshina, Anastasia Danilova, Christian Tiefenau, Matthew Smith

Date: August 12 2018
Publication: Proceedings of the Fourteenth USENIX Symposium on Usable Privacy and Security (SOUPS '18)
Page(s): 297 - 313
Publisher: USENIX
Source 1:

Abstract or Summary:
Studying developer behavior is a hot topic for usable security researchers. While the usable security community has ample experience and best-practice knowledge concerning the design of end-user studies, such knowledge is still lacking for developer studies. We know from end-user studies that task design and framing can have significant effects on the outcome of the study. To offer initial insights into these effects for developer research, we extended our previous password storage study [42]. We did so to examine the effects of deception studies with regard to developers. Our results show that there is a huge effect - only 2 out of the 20 nonprimed participants even attempted a secure solution, as compared to the 14 out of 20 for the primed participants. In this paper, we will discuss the duration of the task and contrast qualitative vs. quantitative research methods for future developer studies. In addition to these methodological contributions, we also provide further insights into why developers store passwords insecurely. Note: Slides from presentation:

Do you have additional information to contribute regarding this research paper? If so, please email with the details.

<-- Back to Authentication Research Paper Index

[Home] [About Us] [News] [Research]

Copyright © 2019