Corpus ID: 235446571

"I have no idea what they're trying to accomplish:" Enthusiastic and Casual Signal Users' Understanding of Signal PINs

@inproceedings{Bailey2021IHN,
  title={"I have no idea what they're trying to accomplish:" Enthusiastic and Casual Signal Users' Understanding of Signal PINs},
  author={D. Bailey and Philipp Markert and Adam J. Aviv},
  booktitle={SOUPS @ USENIX Security Symposium},
  year={2021}
}
We conducted an online study with n = 235 Signal users on their understanding and usage of PINs in Signal. In our study, we observe a split in PIN management and composition strategies between users who can explain the purpose of the Signal PINs (56 %; enthusiasts) and users who cannot (44 %; casual users). Encouraging adoption of PINs by Signal appears quite successful: only 14 % opted out of setting a PIN entirely. Among those who did set a PIN, most enthusiasts had long, complex alphanumeric…

References

PIN selection policies: Are they really effective?
TLDR
It is demonstrated that restricting some number of commonly used PINs (e.g. restricting the 200 most commonly used ones) is beneficial: this type of policy would significantly increase the randomness of PINs without incurring significant memorability overhead.
Understanding Human-Chosen PINs: Characteristics, Distribution and Security
TLDR
This work conducts a systematic investigation into the characteristics, distribution and security of both 4-digit PINs and 6-digit PINs that are chosen by English users and Chinese users, and reveals that Zipf's law is likely to exist in PINs.
"Something isn't secure, but I'm not sure how that translates into a problem": Promoting autonomy by designing for understanding in Signal
TLDR
A three-phase redesign of the warning notifications surrounding the authentication ceremony in Signal shows how improved comprehension can be achieved while still promoting favorable privacy outcomes among users and reaffirms existing arguments that users should be empowered to make personal trade-offs between perceived risk and response cost.
Action Needed! Helping Users Find and Complete the Authentication Ceremony in Signal
TLDR
This work modified Signal to include prompts for the ceremony and also simplified the ceremony itself, showing that users are able to both find and complete the ceremony more quickly in the new version of Signal.
A Quest for Inspiration: How Users Create and Reuse PINs
Personal Identification Numbers (PINs), required to authenticate on a multitude of devices, are ubiquitous nowadays. To increase the security and safety of their assets, users are advised to create…
"I don't see why I would ever want to use it": Analyzing the Usability of Popular Smartphone Password Managers
TLDR
The first empirical usability study of mobile password managers shows that popular PMs are barely acceptable according to the standard System Usability Scale, and that there are three key areas for improvement: integration with external applications, security, and user guidance and interaction.
It's a Hard Lock Life: A Field Study of Smartphone (Un)Locking Behavior and Risk Perception
TLDR
It was found that, on average, participants spent around 2.9 % of their smartphone interaction time authenticating, and participants who used a secure lock screen like PIN or Android unlock patterns considered it unnecessary in 24.1 % of situations.
I Don't Even Have to Bother Them!: Using Social Media to Automate the Authentication Ceremony in Secure Messaging
TLDR
The feasibility of social authentication in Signal, which partially automates the ceremony using social media accounts, is examined; distributing trust with additional service providers is promising, but this infrastructure needs to be more trusted than social media companies.
Learning Assigned Secrets for Unlocking Mobile Devices
TLDR
Almost all of the participants using either repetition-learning approach learned their assigned secrets quickly and could recall them three days after the study, and the learning process was less time consuming for those required to enter an extra PIN.
This PIN Can Be Easily Guessed: Analyzing the Security of Smartphone Unlock PINs
TLDR
This paper provides the first comprehensive study of user-chosen 4- and 6-digit PINs collected on smartphones with participants being explicitly primed for device unlocking, and suggests that a blacklist at about 10 % of the PIN space may provide the best balance between usability and security.