Abstract
The number of passwords users require to interact with online accounts continues to grow, as the services they interact with online become more and more common. Federated Identity Management (FIM) offers an easy option for users to authenticate themselves to many accounts using just one password from an Identity Provider such as Facebook or Google. Previous research has shown that users are reluctant to use such systems and have inaccurate mental models of how they work, but much of the research is now over a decade old. An initial exploratory study with 12 users asked them to create a mental model of a particular concrete FIM scenario, using a new tangible elicitation method involving felt icons and a flocked board, based on the Fuzzy-Felt toy for young children. It was found that almost all participants had inaccurate mental models of FIM, which may lead to hesitancy to use such systems: they believe much more information is passed to the website they wish to log in to, and they misunderstand the route taken by the information that is passed between their browser, the Identity Provider and the target website. The implications of these results and the new method of eliciting mental models are discussed.
Original language | English |
---|---|
Title of host publication | IFIP International Symposium on Human Aspects of Information Security & Assurance (HAISA 2024) |
Publication status | Accepted/In press - 30 May 2024 |
Event | International Symposium on Human Aspects of Information Security & Assurance - Skövde, Sweden; Duration: 9 Jul 2024 → 11 Jul 2024; Conference number: 18th; https://haisa.org/ |
Conference
Conference | International Symposium on Human Aspects of Information Security & Assurance |
---|---|
Abbreviated title | HAISA 2024 |
Country/Territory | Sweden |
City | Skövde |
Period | 9/07/24 → 11/07/24 |
Bibliographical note
This is an author-produced version of the published paper. Uploaded in accordance with the University’s Research Publications and Open Access policy.
Keywords
- Federated Identity Management
- Mental Models
- Fuzzy Felt Method
- Single Sign-On