27 September 2022,
by Eva Gerlitz, University of Bonn
Hi! I am Eva, a Ph.D. student at the University of Bonn, and I spent the last one and a half months in Glasgow.
My research interests lie in the field of usable security, especially concerning authentication and expert users, such as developers and administrators. I find authentication interesting, as almost any person who uses a computer or the internet will come in contact with it (and let’s face it: Even though most are well aware that ‘123456’ or ‘qwerty’ are bad choices for a password, both still end up in the list of most commonly used passwords each year). Authentication can be annoying and frustrating, but as it is so important in a digitalized world, I believe that we should do our best to make it less of a burden for everyone. While expert users might be hard to study (more on that later on), I believe it is worth the effort. End users might make bad choices, probably creating a problem for themselves, but the decision of expert users can impact thousands of users, depending on what they are working on. Understanding their needs, issues and priorities can thus lead to increased overall security.
But now, to my actual stay: I have always liked Scotland, so my joy was immense when SICSA accepted my application for a research visit in Glasgow this summer. I completed my research visit with Dr. Mohamed Khamis and his SIRIUS Lab at the University of Glasgow, where I learned a lot about VR, AR, and security and privacy-related issues that might come with their use.
My initial plan for my stay was to recruit expert users responsible for a company’s authentication system. However, after sending out many emails and not receiving any feedback, I realized that I had to switch to something else. I thus concentrated on the end user perspective and took the opportunity to talk to employees of the University of Glasgow about 2-factor authentication, which was currently offered but not enforced. This served as a first step in understanding the threat model that people have in their minds and against which they want to protect themselves from, but also to identify gaps in the imagination of how an account could be used next to simply accessing the data that is linked to this account. Even though I concentrated on end users, the results are interesting for expert users as well, as those are the ones who might have to communicate the needs and risks of different aspects of authentication to non-experts.
This work has brought up further research questions that we will work on in future (online) collaboration.
Apart from the professional aspects of meeting excellent researchers, getting great feedback for my own work, and getting a chance to peek into related research areas, I had the opportunity to learn more about Scottish culture. I enjoyed Scottish food, Glasgow street art, the (as I have been told many times quite rare) summer days in beautiful parks, small and independent shops, and buildings (including the University) that evoke the memory of Harry Potter.
None of this would have been possible without SICSA’s Saltire Exchange Award, and I am highly grateful for this opportunity!