TU Darmstadt / ULB / TUbiblio

Nudging Bank Account Holders Towards More Secure PIN Management

Gutmann, Andreas and Renaud, Karen and Volkamer, Melanie (2015):
Nudging Bank Account Holders Towards More Secure PIN Management.
In: Journal of Internet Technology and Secured Transaction (JITST), Infonomics Society, 4, DOI: 10.20533/jitst.2046.3723.2015.0049,
[Conference or Workshop Item]

Abstract

The memorability of PINs is an enduring security issue. This is especially pertinent in the context of banking, where technical systems evolve more slowly than in other contexts (e.g. many mobile phone operating systems have adopted alternative authentication mechanisms). Banking customers who struggle to memorise all their PINs often record them, sometimes insecurely, flying in the face of advice from their banks. Banks respond to memorisation difficulties by permitting customers to change their PINs. The reality is that both recording and changing unwittingly weakens the mechanism by increasing predictability. Yet trying to forbid these coping strategies is futile. It is far better to acknowledge the prevalence of such behaviours and to try to nudge people towards more secure PIN management. In this paper, we suggest a way of achieving this.

Item Type: Conference or Workshop Item
Erschienen: 2015
Creators: Gutmann, Andreas and Renaud, Karen and Volkamer, Melanie
Title: Nudging Bank Account Holders Towards More Secure PIN Management
Language: English
Abstract:

The memorability of PINs is an enduring security issue. This is especially pertinent in the context of banking, where technical systems evolve more slowly than in other contexts (e.g. many mobile phone operating systems have adopted alternative authentication mechanisms). Banking customers who struggle to memorise all their PINs often record them, sometimes insecurely, flying in the face of advice from their banks. Banks respond to memorisation difficulties by permitting customers to change their PINs. The reality is that both recording and changing unwittingly weakens the mechanism by increasing predictability. Yet trying to forbid these coping strategies is futile. It is far better to acknowledge the prevalence of such behaviours and to try to nudge people towards more secure PIN management. In this paper, we suggest a way of achieving this.

Title of Book: Journal of Internet Technology and Secured Transaction (JITST)
Volume: 4
Publisher: Infonomics Society
Uncontrolled Keywords: Security, Usability and Society
Divisions: LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
20 Department of Computer Science > SECUSO - Security, Usability and Society
20 Department of Computer Science > Theoretical Computer Science - Cryptography and Computer Algebra
Profile Areas > Cybersecurity (CYSEC)
LOEWE > LOEWE-Zentren
20 Department of Computer Science
Profile Areas
LOEWE
Date Deposited: 28 Jul 2016 18:35
DOI: 10.20533/jitst.2046.3723.2015.0049
Identification Number: TUD-CS-2016-0017
Export:
Suche nach Titel in: TUfind oder in Google

Optionen (nur für Redakteure)

View Item View Item