Single Sign On on the Web: What’s broken and What can be fixed?

With Ph.D. student San-Tsai Sun, we have been investigating single sign-on for the Web. We have been looking at usability, business, and technical aspects of web single sign-on (SSO) solutions: He has analyzed the OpenID protocol and 200 OpenID-enabled websites and found, among other things, that 50% of OpenID-enabled websites are vulnerable to cross-site request forgery (CSRF) attacks, […]

Understanding Wants and Needs of Personal Firewall Users

I’ve presented results of a user study by my graduate student Fahimeh Raja at SafeConfig. She conducted semi-structured interviews with a diverse set of participants to gain an understanding of their knowledge, requirements, perceptions, and misconceptions of personal firewalls. There are several interesting findings. Through a qualitative analysis of the data, we found that most of our participants were not […]

SOUPS Features LERSSE Research

LERSSE graduate students presented their research at the Symposium on Usable Privacy and Security (SOUPS). Here is a summary of the presented research: We had posters on OpenIDemail Enabled Browser, Expectations, Perceptions, and Misconceptions of Personal Firewalls, and Validating and Extending a Study on the Effectiveness of SSL Warnings. At the SOUPS Workshop on Usable Security Experiment Reports (USER), Andreas Sotirakopoulos discussed how study […]