Speaker: Angela Sasse (University College London, UK)
M. Angela Sasse is the Professor of Human-Centred Technology and Head of Information Security Research in the Department of Computer Science at University College London (UCL), UK. A usability researcher by training, she started investigating the causes and effects of usability issues with security mechanisms in 1996. In addition to studying specific mechanisms such as passwords, biometrics, and access control, her research group has developed human-centred frameworks that explain the role of security, privacy, identity and trust in human interactions with technology. She is currently the Director of the Research Institute in Science of Cyber Security. A list of projects and publications can be found at http://sec.cs.ucl.ac.uk/people/m_angela_sasse/
Title: Federated Identity To Access e-Government Services –Are Citizens Ready For This?
Both the US & UK government have decided that citizens will toauthenticate to government using Federated Identity (FedID)solutions: governments do not want to be Identity providers(IdPs), but leverage accounts that citizens have with other serviceproviders instead. We investigated how citizens react to their firstencounter FedID authentication in this context. We performed 2studies using low fidelity prototypes with: in study 1, 44 citizenparticipants, & in study 2, 22 small business owners, employees& agents. We recorded their reactions during their user journeyauthenticating with 3rd party providers they already had accountswith. In study 1, 50% of participants said they would notcontinue to use the system on reaching the hub page, & 45%believed they were being asked to make a payment. 25% of thosecontinuing said they would stop when they reached the consentpage, where they were asked by their IdP to authorise the releaseof their identifying information to the government service. 34%of the participants felt threatened rather than reassured by theprivacy protection statement. With study 2's improved prototype,only 14% of participants said they would not continue onreaching the hub page, & 6% abandoned at the consent page. Ourresults show that usability & acceptance of FedID can be greatlyimproved by the application of standard HCI techniques, but trustin the ID Provider is essential. We finally report results from asurvey of which ID providers UK citizens would trust, & foundsignificant differences between age groups.