TU Darmstadt / ULB / TUbiblio

Nudging Bank Account Holders Towards More Secure PIN Management

Gutmann, Andreas ; Renaud, Karen ; Volkamer, Melanie :
Nudging Bank Account Holders Towards More Secure PIN Management.
Journal of Internet Technology and Secured Transaction (JITST) Infonomics Society
[ Konferenzveröffentlichung] , (2015)

Kurzbeschreibung (Abstract)

The memorability of PINs is an enduring security issue. This is especially pertinent in the context of banking, where technical systems evolve more slowly than in other contexts (e.g. many mobile phone operating systems have adopted alternative authentication mechanisms). Banking customers who struggle to memorise all their PINs often record them, sometimes insecurely, flying in the face of advice from their banks. Banks respond to memorisation difficulties by permitting customers to change their PINs. The reality is that both recording and changing unwittingly weakens the mechanism by increasing predictability. Yet trying to forbid these coping strategies is futile. It is far better to acknowledge the prevalence of such behaviours and to try to nudge people towards more secure PIN management. In this paper, we suggest a way of achieving this.

Typ des Eintrags: Konferenzveröffentlichung
Erschienen: 2015
Autor(en): Gutmann, Andreas ; Renaud, Karen ; Volkamer, Melanie
Titel: Nudging Bank Account Holders Towards More Secure PIN Management
Sprache: Englisch
Kurzbeschreibung (Abstract):

The memorability of PINs is an enduring security issue. This is especially pertinent in the context of banking, where technical systems evolve more slowly than in other contexts (e.g. many mobile phone operating systems have adopted alternative authentication mechanisms). Banking customers who struggle to memorise all their PINs often record them, sometimes insecurely, flying in the face of advice from their banks. Banks respond to memorisation difficulties by permitting customers to change their PINs. The reality is that both recording and changing unwittingly weakens the mechanism by increasing predictability. Yet trying to forbid these coping strategies is futile. It is far better to acknowledge the prevalence of such behaviours and to try to nudge people towards more secure PIN management. In this paper, we suggest a way of achieving this.

Buchtitel: Journal of Internet Technology and Secured Transaction (JITST)
Band: 4
Verlag: Infonomics Society
Freie Schlagworte: Security, Usability and Society
Fachbereich(e)/-gebiet(e): LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
20 Fachbereich Informatik > SECUSO - Security, Usability and Society
20 Fachbereich Informatik > Theoretische Informatik - Kryptographie und Computeralgebra
Profilbereiche > Cybersicherheit (CYSEC)
LOEWE > LOEWE-Zentren
20 Fachbereich Informatik
Profilbereiche
LOEWE
Hinterlegungsdatum: 28 Jul 2016 18:35
DOI: 10.20533/jitst.2046.3723.2015.0049
ID-Nummer: TUD-CS-2016-0017
Export:

Optionen (nur für Redakteure)

Eintrag anzeigen Eintrag anzeigen