
The effect of repeated login prompts on phishing susceptibility

Publication, Conference
Snyder, P; Kanich, C; Reiter, MK
Published in: 2016 LASER Workshop - Learning from Authoritative Security Experiment Results
January 1, 2016

Background. Understanding the human aspects of phishing susceptibility is an important component in building effective defenses. People type passwords so often that it is possible that this act makes each individual password less safe from phishing attacks.

Aim. This study investigated whether the act of re-authenticating to password-based login forms causes users to become less vigilant toward impostor sites, thus making them more susceptible to phishing attacks. Our goal was to determine whether users who type their passwords more often are more susceptible to phishing than users who type their passwords less often. If so, this result could lead to theoretically well-grounded best practices regarding login-session length limits and re-authentication practices.

Method. We built a custom browser extension which logs password entry events and has the capability of shortening session times for a treatment group of users. We recruited subjects from our local campus population, and had them run the extension for two months. After this time, we conducted a synthetic phishing attack on all research subjects, followed by a debriefing. Our research protocol was approved by the University's IRB.

Results. We failed to reject the null hypothesis. We found that login frequency has no noticeable effect on phishing susceptibility. Our high phishing success rate of 39.3% was likely a leading factor in this result.

Conclusions. This study confirmed prior research showing exceedingly high phishing success rates. We also observed that recruiting only in-person and campus-affiliated users greatly reduced our subject pool, and that the extension-based investigation method, while promising, faces significant challenges itself due to deployed extension-based malware defenses.

Duke Scholars

Published In

2016 LASER Workshop - Learning from Authoritative Security Experiment Results

Publication Date

January 1, 2016

Start / End Page

13 / 19
 

Citation

APA: Snyder, P., Kanich, C., & Reiter, M. K. (2016). The effect of repeated login prompts on phishing susceptibility. In 2016 LASER Workshop - Learning from Authoritative Security Experiment Results (pp. 13–19).

Chicago: Snyder, P., C. Kanich, and M. K. Reiter. “The effect of repeated login prompts on phishing susceptibility.” In 2016 LASER Workshop - Learning from Authoritative Security Experiment Results, 13–19, 2016.

ICMJE: Snyder P, Kanich C, Reiter MK. The effect of repeated login prompts on phishing susceptibility. In: 2016 LASER Workshop - Learning from Authoritative Security Experiment Results. 2016. p. 13–9.

MLA: Snyder, P., et al. “The effect of repeated login prompts on phishing susceptibility.” 2016 LASER Workshop - Learning from Authoritative Security Experiment Results, 2016, pp. 13–19.

NLM: Snyder P, Kanich C, Reiter MK. The effect of repeated login prompts on phishing susceptibility. 2016 LASER Workshop - Learning from Authoritative Security Experiment Results. 2016. p. 13–19.
