Usability Testing a Malware-Resistant Input Mechanism
We report the results of a usability study of Bumpy, a system that enables a user to provide secret inputs to remote webservers without trusting the computer on which she types those inputs. Achieving this somewhat paradoxical property via Bumpy requires extra diligence from users, raising questions as to whether it is a viable protection for the average user. We evaluate the originally proposed Bumpy design and several new alternatives in a user study involving 85 participants, each of whom utilized one of these designs (or a control design) for roughly four months to protect her password entries to a university course web page. Beyond assessing the usability of Bumpy designs, our study offers insights for designing security-relevant interfaces and training users to successfully utilize them.
