Scott Ruoti scite author profile

Scott Ruoti

5Publications

71Citation Statements Received

40Citation Statements Given

How they've been cited

121

How they cite others

Affiliations

University of Tennessee at Knoxville, Brigham Young University, Sandia National Laboratories

Publications

Order By: Most citations

A Tale of Two Studies: The Best and Worst of YubiKey Usability

Reynolds

Smith

Reese

et al. 2018

View full text Add to dashboard Cite

Two-factor authentication (2FA) significantly improves the security of password-based authentication. Recently, there has been increased interest in Universal 2nd Factor (U2F) security keys-small hardware devices that require users to press a button on the security key to authenticate. To examine the usability of security keys in non-enterprise usage, we conducted two user studies of the YubiKey, a popular line of U2F security keys. The first study tasked 31 participants with configuring a Windows, Google, and Facebook account to authenticate using a YubiKey. This study revealed problems with setup instructions and workflow including users locking themselves out of their operating system or thinking they had successfully enabled 2FA when they had not. In contrast, the second study had 25 participants use a YubiKey in their daily lives over a period of four weeks, revealing that participants generally enjoyed the experience. Conducting both a laboratory and longitudinal study yielded insights into the usability of security keys that would not have been evident from either study in isolation. Based on our analysis, we recommend standardizing the setup process, enabling verification of success, allowing shared accounts, integrating with operating systems, and preventing lockouts.

show abstract

Why Johnny Still, Still Can't Encrypt: Evaluating the Usability of a Modern PGP Client

Ruoti¹,

Andersen²,

Zappala³

et al. 2015

Preprint

View full text Add to dashboard Cite

A Usability Study of Four Secure Email Tools Using Paired Participants

Ruoti¹,

Andersen

Dickinson

et al. 2019

ACM Trans. Priv. Secur.

View full text Add to dashboard Cite

Secure email is increasingly being touted as usable by novice users, with a push for adoption based on recent concerns about government surveillance. To determine whether secure email is ready for grassroots adoption, we employ a laboratory user study that recruits pairs of novice users to install and use several of the latest systems to exchange secure messages. We present both quantitative and qualitative results from 28 pairs of novices as they use Private WebMail (Pwm), Tutanota, and Virtru and 10 pairs of novices as they use Mailvelope. Participants report being more at ease with this type of study and better able to cope with mistakes since both participants are "on the same page." We find that users prefer integrated solutions over depot-based solutions and that tutorials are important in helping first-time users. Finally, our results demonstrate that Pretty Good Privacy using manual key management is still unusable for novice users, with 9 of 10 participant pairs failing to complete the study. CCS Concepts: • Security and privacy → Domain-specific security and privacy architectures; Usability in security and privacy; • Human-centered computing → User studies; Empirical studies in HCI; Laboratory experiments;

show abstract

Johnny's Journey Toward Usable Secure Email

Ruoti

Seamons

2019

IEEE Secur. Privacy

View full text Add to dashboard Cite

Private Webmail 2.0

Ruoti

Andersen

Hendershot

et al. 2016

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Scott Ruoti

A Tale of Two Studies: The Best and Worst of YubiKey Usability

Why Johnny Still, Still Can't Encrypt: Evaluating the Usability of a Modern PGP Client

A Usability Study of Four Secure Email Tools Using Paired Participants

Johnny's Journey Toward Usable Secure Email

Private Webmail 2.0

Contact Info

Product

Resources

About