Security Design Based on Social and Cultural Practice: Sharing of Passwords

  • Supriya Singh
  • Anuja Cabraal
  • Catherine Demosthenous
  • Gunela Astbrink
  • Michele Furlong
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4560)

Abstract

We draw on a qualitative study of 108 people to examine the routine sharing of passwords for online banking among married and de facto couples, Aboriginal users and people with disability in Australia. The sharing of passwords goes against current banking authentication systems and consumer protection laws that require customers not to reveal their access codes to anybody, including family members. The everyday violation of these security requirements results from the lack of fit between security design and social and cultural practice, rather than a lack of security awareness. We argue for the need to go beyond individualistic user-centered design, so that social and cross-cultural practices are at the centre of the design of technologies. The need for a social and culturally centered approach to design is even more important when dealing with different notions of privacy across cultures and a culture of shared use in public and private spaces.

Keywords

Banking security Australia sharing passwords social and cultural centered design privacy across cultures 

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Supriya Singh (1)
  • Anuja Cabraal (1)
  • Catherine Demosthenous (2)
  • Gunela Astbrink (3)
  • Michele Furlong (4)

  1. Smart Internet Technology Cooperative Research Centre/RMIT University, GPO Box, 2476V, Melbourne 3001, Australia
  2. Smart Internet Technology Cooperative Research Centre
  3. Smart Internet Technology Cooperative Research Centre/GSA Information Consultants, PO Box 1141, Toowong, QLD, 4066, Australia
  4. Smart Internet Technology Cooperative Research Centre/GSA Information Consultants, PO Box 1141, Toowong, QLD, 4066, Australia