Title
What makes users refuse web single sign-on?: an empirical investigation of OpenID
Abstract
OpenID is an open and promising Web single sign-on (SSO) solution. This work investigates the challenges and concerns web users face when using OpenID for authentication, and identifies what changes in the login flow could improve the users' experience and adoption incentives. We found our participants had several behaviors, concerns, and misconceptions that hinder the OpenID adoption process: (1) their existing password management strategies reduce the perceived usefulness of SSO; (2) many (26%) expressed concerns with single-point-of-failure related issues; (3) most (71%) held the incorrect belief that the OpenID credentials are being given to the content providers; (4) half exhibited an inability to distinguish a fake Google login form, even when prompted; (5) many (40%) were hesitant to consent to the release of their personal profile information; and (6) many (36%) expressed concern with the use of SSO on websites that contain valuable personal information or, conversely, are not trustworthy. We also found that with an improved affordance and privacy control, more than 60% of study participants would use Web SSO solutions on the websites they trust.
Year
2011
DOI
10.1145/2078827.2078833
Venue
SOUPS
Keywords
valuable personal information, web single sign-on, login flow, web sso solution, promising web single sign-on, adoption incentive, openid adoption process, empirical investigation, personal profile information, concerns web user, fake google login form, openid credential
Field
Single sign-on, World Wide Web, Internet privacy, Authentication, Incentive, Computer science, Computer security, Login, OpenID, Password management, Personally identifiable information, Affordance
DocType
Conference
Citations
33
PageRank
1.75
References
21
Authors
6
Name                  Order  Citations  PageRank
San-Tsai Sun          1      202        12.74
Eric Pospisil         2      47         2.88
Ildar Muslukhov       3      415        18.51
Nuray Dindar          4      47         2.88
Kirstie Hawkey        5      695        51.75
Konstantin Beznosov   6      1521       105.47