Security and privacy of Single-Sign-On (SSO) in mobile environment: Students' experiences and perceptions

The number of password-protected Internet-based applications is increasing significantly compared to a decade ago.Many Internet applications require users to subscribe to their services and authenticate themselves through the use of login credentials.The number of such applications is increasing ex...

Full description

Saved in:
Bibliographic Details
Main Authors: Katuk, Norliza, Mohamad Tahir, Hatim
Format: Monograph
Language:English
Published: Universiti Utara Malaysia 2014
Subjects:
Online Access:http://repo.uum.edu.my/12770/1/Nor.pdf
http://repo.uum.edu.my/12770/
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The number of password-protected Internet-based applications is increasing significantly compared to a decade ago.Many Internet applications require users to subscribe to their services and authenticate themselves through the use of login credentials.The number of such applications is increasing exponentially.Consequently, it causes an increase in the number of login credentials that users have to manage for both Internet and mobile environments.Due to the limitation in human memory, users usually forget their credentials (i.e., user names/IDs and passwords) and they tend to write down the passwords or replicate single password for many different applications. This practice could expose users to variety of security threats and attacks.A recent technological development on user authentication has introduced single-sign-on (SSO) that intends to help users with their credentials management.This research aims to investigate password management and SSO for accessing Internet applications especially through the use of mobile devices.The research was carried out in two phases: (i) a focus group study and (ii) survey.The researchers interviewed 11 students from School of Computing (SOC), Universiti Utara Malaysia (UUM).The results of the study found that the students did not practice proper password management. Further, it suggested that SSO may not be the immediate solution to improve the students’ password management.A behavioral study was conducted on 250 students from Universiti Utara Malaysia to understand how they managed their login credentials while accessing the Internet via their mobile devices, and their perceptions and awareness towards SSO.The results suggested that students practiced poor login credential management, however, the students are concerned about the security and privacy of their credentials.Security and privacy in mobile environment are important and need to be addressed through the use of technology and policy.The findings of this research imply system developers and policy makers on the aspect of users’ security and privacy.The findings are also useful for the purpose of training and educating students on the importance of security and privacy in mobile environment.