TU Darmstadt / ULB / TUbiblio

Nudging Bank Account Holders Towards More Secure PIN Management

Gutmann, Andreas ; Renaud, Karen ; Volkamer, Melanie (2015)
Nudging Bank Account Holders Towards More Secure PIN Management.
doi: 10.20533/jitst.2046.3723.2015.0049
Konferenzveröffentlichung, Bibliographie

Kurzbeschreibung (Abstract)

The memorability of PINs is an enduring security issue. This is especially pertinent in the context of banking, where technical systems evolve more slowly than in other contexts (e.g. many mobile phone operating systems have adopted alternative authentication mechanisms). Banking customers who struggle to memorise all their PINs often record them, sometimes insecurely, flying in the face of advice from their banks. Banks respond to memorisation difficulties by permitting customers to change their PINs. The reality is that both recording and changing unwittingly weakens the mechanism by increasing predictability. Yet trying to forbid these coping strategies is futile. It is far better to acknowledge the prevalence of such behaviours and to try to nudge people towards more secure PIN management. In this paper, we suggest a way of achieving this.

Typ des Eintrags: Konferenzveröffentlichung
Erschienen: 2015
Autor(en): Gutmann, Andreas ; Renaud, Karen ; Volkamer, Melanie
Art des Eintrags: Bibliographie
Titel: Nudging Bank Account Holders Towards More Secure PIN Management
Sprache: Englisch
Publikationsjahr: Juni 2015
Verlag: Infonomics Society
Buchtitel: Journal of Internet Technology and Secured Transaction (JITST)
Band einer Reihe: 4
DOI: 10.20533/jitst.2046.3723.2015.0049
Kurzbeschreibung (Abstract):

The memorability of PINs is an enduring security issue. This is especially pertinent in the context of banking, where technical systems evolve more slowly than in other contexts (e.g. many mobile phone operating systems have adopted alternative authentication mechanisms). Banking customers who struggle to memorise all their PINs often record them, sometimes insecurely, flying in the face of advice from their banks. Banks respond to memorisation difficulties by permitting customers to change their PINs. The reality is that both recording and changing unwittingly weakens the mechanism by increasing predictability. Yet trying to forbid these coping strategies is futile. It is far better to acknowledge the prevalence of such behaviours and to try to nudge people towards more secure PIN management. In this paper, we suggest a way of achieving this.

Freie Schlagworte: Security, Usability and Society
ID-Nummer: TUD-CS-2016-0017
Fachbereich(e)/-gebiet(e): LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
20 Fachbereich Informatik > SECUSO - Security, Usability and Society
20 Fachbereich Informatik > Theoretische Informatik - Kryptographie und Computeralgebra
Profilbereiche > Cybersicherheit (CYSEC)
LOEWE > LOEWE-Zentren
20 Fachbereich Informatik
Profilbereiche
LOEWE
Hinterlegungsdatum: 28 Jul 2016 18:35
Letzte Änderung: 17 Mai 2018 13:02
PPN:
Export:
Suche nach Titel in: TUfind oder in Google
Frage zum Eintrag Frage zum Eintrag

Optionen (nur für Redakteure)
Redaktionelle Details anzeigen Redaktionelle Details anzeigen