000000259 001__ 259
000000259 005__ 20130522141941.0
000000259 037__ $$aLERSSE-RefConfPaper-2011-004
000000259 100__ $$aSan-Tsai Sun
000000259 245__ $$aWhat Makes Users Refuse Web Single Sign-On? An Empirical Investigation of OpenID
000000259 260__ $$c2011-06-15
000000259 300__ $$a20
000000259 520__ $$aOpenID is an open and promising Web single sign-on (SSO) solution. This work investigates the challenges and concerns web users face when using OpenID for authentication, and identifies what changes in the login flow could improve the users' experience and adoption incentives. We found our participants had several behaviors, concerns, and misconceptions that hinder the OpenID adoption process: (1) their existing password management strategies reduce the perceived usefulness of SSO; (2) many (26%) expressed concerns with single-point-of-failure related issues; (3) most (71%) held the incorrect belief that the OpenID credentials are being given to the content providers; (4) half exhibited an inability to distinguish a fake Google login form, even when prompted; (5) many (40%) were hesitant to consent to the release of their personal profile information; and (6) many (36%) expressed concern with the use of SSO on websites that contain valuable personal information or, conversely, are not trustworthy. We also found that with an improved affordance and privacy control, more than 60% of study participants would use Web SSO solutions on the websites they trust.
000000259 6531_ $$aOpenID
000000259 6531_ $$aWeb Single Sign-On
000000259 6531_ $$aIdentity Enabled Browser
000000259 6531_ $$aissnet
000000259 700__ $$aEric Pospisil
000000259 700__ $$aIldar Muslukhov
000000259 700__ $$aNuray Dindar
000000259 700__ $$aKirstie Hawkey
000000259 700__ $$aKonstantin Beznosov
000000259 8560_ $$fsantsais@ece.ubc.ca
000000259 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/259/files/259.pdf$$yTransfer from CDS 0.99.7
000000259 909C4 $$pSan-Tsai Sun, Eric Pospisil, Ildar Muslukhov, Nuray Dindar, Kirstie Hawkey, and Konstantin Beznosov. What makes users refuse web single sign-on? an empirical investigation of OpenID. In Proceedings of Symposium on Usable Privacy and Security, July 2011.
000000259 980__ $$aRefConfPaper