|
Hello: You are invited to participate in a research study. In this study, you will be asked to complete a set of tasks and answer questions about each task. It will take approximately 30 minutes to complete the study. Your participation in this study is completely voluntary. There are no foreseeable risks associated with this project. However, if you feel uncomfortable answering any questions, you can withdraw from the study at any point. Your responses will be strictly confidential and data from this research will be reported only in the aggregate. Your information will be coded and will remain confidential. Thank you very much for your time and support. Please start with the survey now by clicking on the Continue button below. |
| |
|
|
|
What is SPHINX: We are about to test the usability of our password-hardening/password-manager application called Storeless Password Store (SPHINX). SPHINX is an application that runs on your browser and your phone to generate a secure, strong, and random password based on your simple, easy to remember master password. SPHINX runs a secure protocol between your smart phone and the terminal to build a strong password that is not known or stored on your device or the terminal. This strong password will be used to authenticate you to the server but you do not need to memorize it.
How to register it: To register SPHINX with any service, you should update your password with the service. The new password should start with @@, or alternatively you can press F2 before entering information on the password field. @@ or F2 key will tell SPHINX to run the password hardening protocol. The password field will turn yellow to indicate that your password is going to be secure with SPHINX. Your strong password will be shown to you once. You can make a note to authenticate with it if you want to log in on a different terminal that does not have SPHINX installed or if your phone is not handy. To introduce your mobile phone to the SPHINX plugin you should use the option tab. This task needs to be done whenever your mobile device obtains a new IP address. It can be avoided if your Internet service provider supports static IP address.
How to use it: Every time you want to authenticate, you will enter your simple master password (starting with @@ or F2). The terminal and the phone will run the secure protocol and will send your strong password to the server. To permit your phone to run the protocol launch the application on the phone and tap “permit” whenever alerted. |
| |
|
|
|
|
|
| |
|
|
|
|
|
What is the highest level of education you have achieved? |
| |
|
|
|
|
|
Which of the following categories best describes the industry you work in? |
| |
|
|
|
|
|
How do you rank your general computer skills? |
| |
|
|
|
|
How do you rank your general computer security skills? |
| |
|
|
|
|
How comfortable are you with Chrome browser? |
| |
|
|
|
|
How familiar are you with browser extensions, plugins or add-ons? |
| |
|
|
|
|
How often do you visit websites that require password from your computer? (i.e. Gmail, Facebook, Twitter,... ) |
| |
|
|
|
|
How often do you login to Gmail? |
| |
|
|
|
|
How do you usually choose a password? |
| |
|
|
|
|
|
Have you used any password manager before? (i.e. storing password on the browser or on the mobile phone, or applications such as Lastpass or PwdHash, ... ) |
| |
|
|
|
|
What is your primary reason for using a password managers? |
| |
|
|
|
|
How often do you carry your smartphone with you? |
| |
|
|
|
|
How often does your phone run out of battery? |
| |
|
|
|
|
How often is your phone connected to Internet (through wireless or cellular data)? |
| |
|
|
|
|
Do you like the idea of using your phone to login to websites more securely? |
| |
|
|
|
|
Your task is to sign in to a Gmail account provided to you below and answer the following questions.
Username: Password: |
| |
|
|
|
How easy it was to execute this task? |
| |
|
|
|
|
How satisfied are you with SPS at performing this task? |
| |
|
|
|
|
Your task is to change the password of the Gmail account provided to you bellow to activate SPHINX*. Your new password should start with @@, or you should press F2 before entering your password (the password field will be highlighted to show that SPS is active). The new password can be short, simple and easy to remember.
*SPHINX is the name of our password-hardening application that runs on your browser and your phone. It will run a secure protocol between your smart phone and the terminal to build a strong password, that is not known or stored on your device or the terminal. This strong password will be registered with the server but you do not need to memorize it. Every time you want to log in, you will enter your simple password (starting with @@, or you will press F2 before entering the password). The terminal and the phone will run the secure protocol and will send your strong password to the server. Your strong password will be shown to you once. You can make a note to authenticate with it if you want to log in on a different terminal that does not have SPHINX installed.
Username: Password:
How tough it was to execute this task? |
| |
|
|
|
|
How satisfied are you with SPHINX at performing this task? |
| |
|
|
|
|
Your task is to log in to the Gmail account provided to you bellow using your new password. You should enter your simple password (starting with @@, or you should press F2 before entering your password). The terminal and the phone will run the secure protocol and will send your strong password to the server.
Username: Password: (the one that you picked in previous task)
How tough it was to execute this task? |
| |
|
|
|
|
How satisfied are you with SPS at performing this task? |
| |
|
|
|
|
Your task is to update your password for the Gmail account provided to you below. You should change it to a different password matching SPHINX criteria (starting with @@ or you should press F2 before entering your password). The new password can be simple and easy to remember. SPHINX will communicate with your mobile device to register a strong password with the server.
Username: Password: (the one that you picked in previous task)
How tough it was to execute this task? |
| |
|
|
|
|
How satisfied are you with SPHINX at performing this task? |
| |
|
|
|
|
Your task is to log in to the Gmail account provided to you below using your new password. You should enter your simple password (starting with @@, or you should press F2 before entering your password). The terminal and the phone will run the secure protocol and will send your strong password to the server.
Username: Password: (the one that you picked in previous task)
How tough it was to execute this task? |
| |
|
|
|
|
How satisfied are you with SPS at performing this task? |
| |
|
|
|
|
You will be asked to log in from a different terminal that does not have SPS installed. Your task is to log in to Gmail using the username and the SPS-generated "strong password".
*In this situation you have three choices: 1- log in with your strong password if you remember it. 2- install SPS and log in using the simple SPS-enabled password that you remember. 3- reset your password using Gmail conventional "do not remember my password" option.
Username: Password: (your SPS-generated strong password)
How tough it was to execute this task? |
| |
|
|
|
|
How satisfied are you with SPS at performing this task? |
| |
|
|
|
|
Your task is to install/enable SPS from the link below, examiner will give you instruction if you are not familiar with installing plugins on chrome.
Link:
How tough it was to execute this task?
|
| |
|
|
|
|
How satisfied are you with SPS at performing this task? |
| |
|
|
|
|
Your task is to log in to the Gmail account provided to you bellow using your password. You should enter your simple password (starting with @@, or you should press F2 before entering your password). The terminal and the phone will run the secure protocol and will send your strong password to the server.
Username: Password: (the one that you picked previously)
How tough it was to execute this task? |
| |
|
|
|
|
How satisfied are you with SPS at performing this task? |
| |
|
|
|
|
Considering your recent experience logging in to Gmail using SPS, rate the following statements:
I think that I would like to use SPS frequently.
|
| |
|
|
|
|
I found SPS unnecessarily complex. |
| |
|
|
|
|
I thought SPS was easy to use. |
| |
|
|
|
|
I think that I would need the support of a technical person to be able to use SPS. |
| |
|
|
|
|
I found the various functions in SPS were well integrated. |
| |
|
|
|
|
I thought there was too much inconsistency in SPS. |
| |
|
|
|
|
I would imagine that most people would learn to use SPS very quickly. |
| |
|
|
|
|
I found SPS very cumbersome to use. |
| |
|
|
|
|
I felt very confident using SPS. |
| |
|
|
|
|
I needed to learn a lot of things before I could get going with SPS. |
| |
|
|
|
|
Compared to a password only authentication mechanism that doesn't require the device, how much do you agree with the following statements:
My experiment loging in with SPS is similar to logging in with password only. |
| |
|
|
|
|
I feel my passwords are more secure using SPS. |
| |
|
|
|
|
I trust SPS to protect my password. |
| |
|
|
|
|
I am uncomfortable with not knowing my actual passwords for a web site. |
| |
|
|
|
|
Passwords are safer when users do not know their actual password. |
| |
|
|
|
|
I am comfortable with letting SPS decide a strong password for me. |
| |
|
|
|
|
My passwords are safe even without using SPS. |
| |
|
|
|
|
I need to use SPS on my computer to protect my passwords. |
| |
|
|
|
|
I am concerned about not having my phone handy and powered on each time I log in. |
| |
|
|
|
|
I am confident that loging in from remote computers will be convenient. |
| |
|
|
|
|
| From your understanding, what does SPS do? | | |
|
|
|
|
| Did you face any problem/issue/difficulty when using SPS? | | |
|
|
|
|
| Do you have any suggestions for SPS that can make it more useful or easier to use? | | |
|
|
|
|
| Do you think SPS is better than other password managers? | | |
|
|
|
|
| Which types of sites you will be interested to use with SPS? (Banking, emails, ...) | | |
|
|
|