Comparative eye tracking of experts and novices in web single sign-on

Arianezhad, Majid, Camp, L. Jean, Kelley, Timothy, & Stebila, Douglas (2013) Comparative eye tracking of experts and novices in web single sign-on. In Proceedings of Third ACM Conference on Data and Application Security and Privacy (CODASPY) 2013, ACM Digital Library, San Antonio, Texas, pp. 105-116.

View at publisher


Security indicators in web browsers alert users to the presence of a secure connection between their computer and a web server; many studies have shown that such indicators are largely ignored by users in general. In other areas of computer security, research has shown that technical expertise can decrease user susceptibility to attacks.

In this work, we examine whether computer or security expertise affects use of web browser security indicators. Our study takes place in the context of web-based single sign-on, in which a user can use credentials from a single identity provider to login to many relying websites; single sign-on is a more complex, and hence more difficult, security task for users. In our study, we used eye trackers and surveyed participants to examine the cues individuals use and those they report using, respectively.

Our results show that users with security expertise are more likely to self-report looking at security indicators, and eye-tracking data shows they have longer gaze duration at security indicators than those without security expertise. However, computer expertise alone is not correlated with recorded use of security indicators. In survey questions, neither experts nor novices demonstrate a good understanding of the security consequences of web-based single sign-on.

Impact and interest:

5 citations in Scopus
Search Google Scholar™

Citation counts are sourced monthly from Scopus and Web of Science® citation databases.

These databases contain citations from different subsets of available publications and different time periods and thus the citation count from each is usually different. Some works are not in either database and no count is displayed. Scopus includes citations from articles published in 1996 onwards, and Web of Science® generally from 1980 onwards.

Citations counts from the Google Scholar™ indexing service can be viewed at the linked Google Scholar™ search.

Full-text downloads:

468 since deposited on 14 Dec 2012
28 in the past twelve months

Full-text downloads displays the total number of times this work’s files (e.g., a PDF) have been downloaded from QUT ePrints as well as the number of downloads in the previous 365 days. The count includes downloads for all files if a work has more than one.

ID Code: 55714
Item Type: Conference Paper
Refereed: Yes
Keywords: HTTPS, security indicators, single sign-on, web browsers, usability, eye-tracking, experts
DOI: 10.1145/2435349.2435362
ISBN: 978-1-4503-1890-7
Subjects: Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > COMPUTER SOFTWARE (080300) > Computer System Security (080303)
Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > INFORMATION SYSTEMS (080600) > Computer-Human Interaction (080602)
Divisions: Current > Schools > School of Electrical Engineering & Computer Science
Current > Institutes > Institute for Future Environments
Current > QUT Faculties and Divisions > Science & Engineering Faculty
Copyright Owner: Copyright 2013 please consult the authors
ACM New York, NY, USA ©2013
Deposited On: 14 Dec 2012 04:53
Last Modified: 19 Apr 2017 07:41

Export: EndNote | Dublin Core | BibTeX

Repository Staff Only: item control page