User-Centric Adaptive Password Policies to Combat Password Fatigue

Today, online users will have an average of 25 password-protected accounts online, yet use, on average, 6.5 passwords. The excessive cognitive burden of remembering large amounts of passwords causes Password Fatigue. Therefore users tend to reuse passwords or recycle password patterns whenever prompted to change their passwords regularly. Researchers have created Adaptive Password Policies to prevent users from creating new passwords similar to previously created ones. However, this approach creates user frustration as it neglects users’ cognitive burden. This paper proposes a novel User-Centric Adaptive Password Policy (UCAPP) Framework for password creation and management that assigns users system-generated passwords based on a cognitive-behavioural agent-based model. The framework comprises a Password Policy Assignment Test (PassPAST), a Cognitive Burden Scale (CBS), a User Profiling Algorithm, and a Password Generator (PassGEN). The framework creates tailor-made password policies that maintain password memorability for users of different cognitive thresholds without sacrificing password strength and entropy. The framework successfully created 30-40% stronger passwords for Critical users and random (non-mnemonic) passwords for Typical users based on each individual’s cognitive password thresholds in a preliminary test.

On the Security of Smartphone Unlock PINs

In this article, we provide the first comprehensive study of user-chosen four- and six-digit PINs ( n =1705}) collected on smartphones with participants being explicitly primed for device unlocking. We find that against a throttled attacker (with 10, 30, or 100 guesses, matching the smartphone unlock setting), using six-digit PINs instead of four-digit PINs provides little to no increase in security and surprisingly may even decrease security. We also study the effects of blocklists, where a set of “easy to guess” PINs is disallowed during selection. Two such blocklists are in use today by iOS, for four digits (274 PINs) as well as six digits (2,910 PINs). We extracted both blocklists and compared them with six other blocklists, three for each PIN length. In each case, we had a small (four-digit: 27 PINs; six-digit: 29 PINs), a large (four-digit: 2,740 PINs; six-digit: 291,000 PINs), and a placebo blocklist that always excluded the first-choice PIN. For four-digit PINs, we find that the relatively small blocklist in use today by iOS offers little to no benefit against a throttled guessing attack. Security gains are only observed when the blocklist is much larger. In the six-digit case, we were able to reach a similar security level with a smaller blocklist. As the user frustration increases with the blocklists size, developers should employ a blocklist that is as small as possible while ensuring the desired security.Based on our analysis, we recommend that for four-digit PINs a blocklist should contain the 1,000 most popular PINs to provide the best balance between usability and security and for six-digit PINs the 2,000 most popular PINs should be blocked.

EP.FRI.116 Bleeping Etiquettes

Introduction Bleeps are a vestige of decades old technology common place in NHS Trusts. No formal guidelines exist to regulate the use of the bleep leading to user frustration on both ends of the system. Many junior doctors reported a high number of inappropriate and disruptive bleeps. This quality improvement project aimed to formulate a guide for the use of the bleep system. Methods Formal interviews were conducted among clinical and non-clinical staff as to the expectations in the use of the bleeping system. A list of bleeping etiquettes was created following formal interview and formed the basis of a Trust survey to formulate a Bleeping protocol. Results The following bleeping etiquettes were agreed upon; Conclusion A formalized protocol for bleeping can lead to a more effective and stress-free bleeping system.

Modeling the Level of User Frustration for the Impaired Telemeeting Service Using User Frustration Susceptibility Index (UFSI)

Modern users are accustomed to always-accessible networks ready to serve all of their communication, entertainment, information, and other needs, at the touch of their devices. Spoiled with choices provided on the competitive markets, the risk of customer churn makes network and service providers sensitive to user Quality of Experience (QoE). Services that enable people to work and industries to function in these pandemic times, such as the telemeeting service, are becoming ever more critical, not just for the end-users but also for the providers. Nevertheless, the heterogeneity of end-users network environments and the uniqueness of the service (bidirectional video and audio transmissions and interactivity between the meeting peers) imposes specific QoE requirements. Hence, this paper focuses on understanding how different service quality degradations affect user perception and frustration with such impaired service. The impact of eight quality degradations was analyzed. Based on the conducted user study, we used the multiple regression analysis and developed three models capable of predicting user Level of Frustration (LoF) for the specific degradations that we have analyzed. The models work with the User Frustration Susceptibility Index (UFSI), which categorizes users into groups based on their tendency to become frustrated with the impaired service.

Human-AI interactions through a Gricean lens

Grice’s Cooperative Principle (1975), which describes the implicit maxims that guide effective conversation, has long been applied to conversations between humans. However, as humans begin to interact with non-human dialogue systems more frequently and in a broader scope, an important question emerges: what principles govern those interactions? In the present study, this question is addressed, as human-AI interactions are categorized using Grice’s four maxims. In doing so, it demonstrates the advantages and shortcomings of such an approach, ultimately demonstrating that humans do, indeed, apply these maxims to interactions with AI, even making explicit references to the AI’s performance through a Gricean lens. Twenty-three participants interacted with an American English-speaking Alexa and rated and discussed their experience with an in-lab researcher. Researchers then reviewed each exchange, identifying those that might relate to Grice’s maxims: Quantity, Quality, Manner, and Relevance. Many instances of explicit user frustration stemmed from violations of Grice’s maxims. Quantity violations were noted for too little but not too much information, while Quality violations were rare, indicating high trust in Alexa’s responses. Manner violations focused on speed and humanness. Relevance violations were the most frequent of all violations, and they appear to be the most frustrating. While the maxims help describe many of the issues participants encountered with Alexa’s responses, other issues do not fit neatly into Grice’s framework. For example, participants were particularly averse to Alexa initiating exchanges or making unsolicited suggestions. To address this gap, we propose the addition of human Priority to describe human-AI interaction. Humans and AIs are not (yet?) conversational equals, and human initiative takes priority. Moreover, we find that Relevance is of particular importance in human-AI interactions and suggest that the application of Grice’s Cooperative Principles to human-AI interactions is beneficial both from an AI development perspective as well as a tool for describing an emerging form of interaction.

A Conceptual Framework for IT Governance Mechanisms in Uganda's Higher Institutions of Learning

Poor implementation of Information Technology Governance (ITG) leads to several IT systems performing poorly. Resulting to discontinuity of services, user frustration, loss of IT investment, increased redundancy, duplication of efforts, poor decision-making, and reputation loss. In Uganda, implementation of ITG is low as many public sector organizations are yet to streamline. Yet, for Higher Institutions of Learning (HILs), the implementation of ITG is unexplored. Therefore, this study sought to determine the required mechanisms to design an ITG framework for HILs in Uganda (IGHU). A descriptive field study was conducted and the data were analyzed using SmartPLS 2.3.9 software. The causal relationships and validity of the constructs of IGHU were tested using partial least square path modeling. The coefficient of determination was 0.35; the path coefficient indicated both positive and negative relationships of independent to dependent constructs, and hypotheses such as accountability of IT projects and awareness campaigns were statistically significant.

Tiny noise, big mistakes: adversarial perturbations induce errors in brain–computer interface spellers

An electroencephalogram (EEG)-based brain–computer interface (BCI) speller allows a user to input text to a computer by thought. It is particularly useful to severely disabled individuals, e.g. amyotrophic lateral sclerosis patients, who have no other effective means of communication with another person or a computer. Most studies so far focused on making EEG-based BCI spellers faster and more reliable; however, few have considered their security. This study, for the first time, shows that P300 and steady-state visual evoked potential BCI spellers are very vulnerable, i.e. they can be severely attacked by adversarial perturbations, which are too tiny to be noticed when added to EEG signals, but can mislead the spellers to spell anything the attacker wants. The consequence could range from merely user frustration to severe misdiagnosis in clinical applications. We hope our research can attract more attention to the security of EEG-based BCI spellers, and more broadly, EEG-based BCIs, which has received little attention before.

Comparative Effectiveness of Best Practice Alerts with Active and Passive Presentations: A Retrospective Study

We assess the relationship of active or passive presentation of Best Practice Advisories (BPAs) for hospital clinicians with compliance rates of recommended actions. We identify the design characteristics of alerts that can be used to assess the effectiveness of design choices with superior usability. Alerts in Electronic Health Records (EHRs) are frequently overridden by healthcare providers. Identifying characteristics of effective alerts can increase the frequency that actions recommended in evidence-based care guidelines are done, reduce user frustration, and improve interface usability along with the willingness to use alerts. We conducted a retrospective analysis of data for 11 BPAs between June 2014 and May 2015. The outcome measure was the percent correspondence with recommended actions. A repeated measures regression model was used for the correlation of the BPA presentation type with the outcome measure. The BPA presentation type was significant such that the odds are 7.7 times greater that a recommended action would be taken by a provider with an active BPA presentation type after adjusting for whether an action was required. Active presentation alerts achieve higher compliance rates. CDS alerts that actively interrupted the provider’s workflow were associated with a higher compliance rate with recommended actions.

The Influence of User Interface Component on University Website Towards Student Enrollment

Website interface can be a very effective communication medium between the university and the users such as potential students, current students and other authorities. The purpose of this study is to investigate interface components that represent important information in university website, which led to the enrollment of students. This study is motivated by the user frustration or thwarted by the frequent usability problems of university website and problem in representing important information into required by potential students. The interface component and the important information on university website are identified through a comprehensive literature review. There are several factors that influence the student's decision process such as tuition fees, scholarship, ratings / reputation, vicinity to home and the majors offered. The interface components that are used in this research are metaphor, navigation, mental model, interactions and appearance. This study will produce the interface design guideline based on the most frequent used of interface component. Analysis of 5 universities has been conducted to identify how the important information, which leads to student’s enrollments is presented on the interface.