Cryptography Reference
In-Depth Information
years old) and 20% Old (45-54 years old). In addition to the students and non-students
category, we have also pursued gender-centric and age-centric analysis. However, due
to space constraints, we only restrict ourselves to the former in the rest of this paper,
which we believe is most important to our study.
Gender, age and other information was collected through a Pre Test questionnaire
completed by our participants prior to starting the test process. None of the study par-
ticipants reported any physical impairment that could interfere with their ability to com-
plete a given task.
4.2
Testing Process
Our study was conducted at two testing locations, one on-campus (at our university)
for the students and the other off-campus for non-students. These two venues were
chosen solely for the purpose of convenience to the targeted participant groups. Same
devices (USB drive and phone) and computer terminal (see Section 3) were used at
both locations giving rise to consistent test set-up across all users. Our study lasted for
a duration of about two months.
An overview of the testing process was given to each respondent prior to the study
and due care was taken to minimise any scope of explicit “priming” of respondents
considering a security-focused nature of our study. 2 Such a priming in terms of security
can possibly result in skewed (over-alert) participant behavior and in biased results, as
demonstrated by prior research [20].
As mentioned previously, after administering the Pre Test questionnaire, the respon-
dents were asked to perform five tasks corresponding to each password manager. Any
possible user errors in performing the above tasks were taken note of by the test admin-
istrator (no such errors were observed throughout our study, however).
1. Register involves registering with a password manager the password, username
and other information for a particular web site.
2. Login involves login to a web site, whose password has already been saved with a
password manager.
3. Second Login is similar to the Login task, only difference being the computer is
not the same as the one used in the previous task. This task is aimed at judging the
portability of the password manager from terminal to terminal.
4. Change Password involves changing the password, both with the website and pass-
word manager.
5. Login with New Password involves repeating the login task but with the new pass-
word.
As mentioned in Section 3, the test set-up comprised of a desktop computer which acted
as the primary computer for Login, Change Password and Login with New Password,
and a laptop for Second Login. This set-up, consisting of two computers, was used in
order to closely mimic the tasks akin to a realistic password manager setting.
A randomly chosen 8 character master password was provided to each test user,
which he/she was asked to memorize and use throughout the experiments.
2
Since the study was about password managers, it was neither possible nor meaningful to avoid
implicit priming.
 
Search WWH ::




Custom Search