Question 1
Company ABC’s password policy has always been that the system generates passwords for its users instead of letting them pick their own. The passwords are random 8-character strings with upper and lower case letters, numbers, and symbols (e.g. “^8j4Z.mp”). Every six months, the password is changed to something new. Because password resets are a security danger, users are not allowed to reset their passwords if they forget them. Instead, they need to go to the company’s IT office, which looks up their existing password and gives them a printout with the password on it.
(note: this is a true example – I worked at an organization that had exactly this policy)
Answer questions 1-13 about Company ABC’s policy.
True or false: the passwords that the system generates are very hard to crack.
Question 2
Which method would work best if trying to crack one of Company ABC’s passwords?
Question 3
What is the biggest usability problem with Company ABC’s passwords?
Question 4
Which of the following is the most likely response to Company ABC’s password reset policy?
Question 5
True or false: a policy that allows users to reset their passwords automatically (e.g. if a user forgets their password they can enter their user ID and have a new password emailed to the address that the IT office has on file) may lead to users choosing more complex passwords.
Question 6
True or false: a policy that allows users to reset their passwords automatically would be more usable.
Question 7
True or false: a user-chosen 8-character password would be more difficult to break than the existing system-generated passwords.
Question 8
True or false: a user-chosen 8-character password would be more usable.
Question 9
True or false: a user-chosen 8-character password could be more secure.
Question 10
True or false: an automatically generated password that combined 4 unrelated common words would be harder to break.
Question 11
True or false: an automatically generated password that combined 4 unrelated common words would be more usable.
Question 12
True or false: increasing the usability of Company ABC’s password policy would lead to greater security.
Question 13
True or false: there is a conflict between creating a usable password system and the most secure password system.
Question 14
Company XYZ is a defense contractor. They need to make sure that only authorized people enter their facilities. They have decided to install a new biometric authentication station outside the gate that protects the parking lot. Employees will need to authenticate in order to be let in. Answer questions 14-20 about Company XYZ.
How should the security system be designed?
Question 15
If someone tries to authenticate and they are not recognized, the system designer is considering adding a delay before they can try to authenticate again. Which is the best delay?
Question 16
A survey shows that a surprisingly large percentage (25%) of employees ride motorcycles to work, wearing the standard protective gear of helmets, leather jackets, and gloves. Which of the following would be a poor biometric tool based on this fact?
Question 17
The designer has decided to use a free gesture system to authenticate people, but the hardware for a gesture-detection system that is weatherproof is very expensive. As she is eating lunch in her office, she is contemplating the next step. What should she do?
Question 18
The free gesture system is implemented, and all employees have stopped by the IT office to teach the system what their authenticating gesture is by entering it on a touch screen in the office. A couple weeks later, people who drive SUVs start complaining that they sometimes need to enter their gesture 4 or 5 times because it is not recognized (probably because they are making it from an odd angle – their cars are high up above the device where they enter their gesture). What type of usability problem is this?
Question 19
What is a good solution for the SUV drivers?
Question 20
After a while, the IT office complains to the designer that people keep coming in having forgotten their gestures. This is a problem because traffic backs up when a person can’t remember the gesture, it takes a lot of time to reset the gesture, and people are trying to get around the system by closely following the person in front of them through the open gate. The designer decides that from now on, when people create new gestures, it should be the person’s normal signature. Which usability aspect does this improve?
Question 21
Answer questions 21-24 about Company 123.
Company 123 is creating a social network designed to compete with Facebook. They begin by copying Facebook’s interface exactly, except they change the name and make it green instead of blue. How does this help usability?
Question 22
Company 123 writes a privacy policy that is written in easy-to-read language at a 6th-grade reading level, is exactly 1 page long when printed, and covers all the major points of their privacy: mainly, that no data is ever shared except with people the user lists in their own privacy settings. Which of these five pitfalls does their policy avoid?
Question 23
Is a 12-year-old in 7th grade able to give informed consent to this policy?
Question 24
A designer at Company 123 is considering changing their login interface so the password box shows the last character typed for 1 second before changing it to the standard star or dot that prevents over-the-shoulder attacks. They hope this will help people spot when they have made a typo as they enter their password. How should she determine if this is a good change to make?
Question 25
True or false: error messages should limit technical detail in favor of plain language.