Number of co-authors: 10
Number of publications with 3 favourite co-authors: Nicolas Christin: 5, Jason Hong: 3, Karin Strauss: 1
Eiji Hayashi's 3 most productive colleagues in number of publications: A. J. Bernheim Bru..: 40, Jason Hong: 20, Nicolas Christin: 9
Publications by Eiji Hayashi (bibliography)
Hayashi, Eiji, Riva, Oriana, Strauss, Karin, Brush, A. J. Bernheim and Schechter, Stuart (2012): Goldilocks and the two mobile devices: going beyond all-or-nothing access to a device's applications. In: Proceedings of the 2012 Symposium on Usable Privacy and Security 2012. p. 2.
Most mobile phones and tablets support only two access control device states: locked and unlocked. We investigated how well all-or-nothing device access control meets the need of users by interviewing 20 participants who had both a smartphone and tablet. We find all-or-nothing device access control to be a remarkably poor fit with users' preferences. On both phones and tablets, participants wanted roughly half their applications to be available even when their device was locked and half protected by authentication. We also solicited participants' interest in new access control mechanisms designed specifically to facilitate device sharing. Fourteen participants out of 20 preferred these controls to existing security locks alone. Finally, we gauged participants' interest in using face and voice biometrics to authenticate to their mobile phone and tablets; participants were surprisingly receptive to biometrics, given that they were also aware of security and reliability limitations.
© All rights reserved Hayashi et al. and/or their publisher
Hayashi, Eiji, Hong, Jason and Christin, Nicolas (2011): Security through a different kind of obscurity: evaluating distortion in graphical authentication schemes. In: Proceedings of ACM CHI 2011 Conference on Human Factors in Computing Systems 2011. pp. 2055-2064.
While a large body of research on image-based authentication has focused on memorability, comparatively less attention has been paid to the new security challenges these schemes may introduce. Because images can convey more information than text, image-based authentication may be more vulnerable to educated guess attacks than passwords. In this paper, we evaluate the resilience of a recognition-based graphical authentication scheme using distorted images against two types of educated guess attacks through two user studies. The first study, consisting of 30 participants, investigates whether distortion prevents educated guess attacks primarily based on information about individual users. The second study, using Amazon Mechanical Turk, investigates whether distortion mitigates the risk of educated guess attacks based on collective information about users. Our results show that authentication images without distortion are vulnerable to educated guess attacks, especially when information about the target is known, and that distortion makes authentication images more resilient against educated guess attacks.
© All rights reserved Hayashi et al. and/or their publisher
Hayashi, Eiji and Hong, Jason (2011): A diary study of password usage in daily life. In: Proceedings of ACM CHI 2011 Conference on Human Factors in Computing Systems 2011. pp. 2627-2630.
While past work has examined password usage on a specific computer, web site, or organization, there is little work examining overall password usage in daily life. Through a diary study, we examine all usage of passwords, and offer some new findings based on quantitative analyses regarding how often people log in, where they log in, and how frequently people use foreign computers. Our analysis also confirms or updates existing statistics about password usage patterns. We also discuss some implications for design as well as security education.
© All rights reserved Hayashi and Hong and/or their publisher
Hayashi, Eiji, Hong, Jason and Christin, Nicolas (2009): Educated guess on graphical authentication schemes: vulnerabilities and countermeasures. In: Proceedings of the 2009 Symposium on Usable Privacy and Security 2009. p. 25.
Hasegawa, Madoka, Christin, Nicolas and Hayashi, Eiji (2009): New directions in multisensory authentication. In: Proceedings of the 2009 Symposium on Usable Privacy and Security 2009. p. 44.
Sasamoto, Hirokazu, Christin, Nicolas and Hayashi, Eiji (2008): Undercover: authentication usable in front of prying eyes. In: Proceedings of ACM CHI 2008 Conference on Human Factors in Computing Systems April 5-10, 2008. pp. 183-192.
A number of recent scams and security attacks (phishing, spyware, fake terminals, ...) hinge on a crook's ability to observe user behavior. In this paper, we describe the design, implementation, and evaluation of a novel class of user authentication systems that are resilient to observation attacks. Our proposal is the first to rely on the human ability to simultaneously process multiple sensory inputs to authenticate, and is resilient to most observation attacks. We build a prototype based on user feedback gained through low fidelity tests. We conduct a within-subjects usability study of the prototype with 38 participants, which we complement with a security analysis. Our results show that users can authenticate within times comparable to that of graphical password schemes, with relatively low error rates, while being considerably better protected against observation attacks. Our design and evaluation process allows us to outline design principles for observation-resilient authentication systems.
© All rights reserved Sasamoto et al. and/or ACM Press
Hayashi, Eiji, Dhamija, Rachna, Christin, Nicolas and Perrig, Adrian (2008): Use Your Illusion: secure authentication usable anywhere. In: Proceedings of the 2008 Symposium on Usable Privacy and Security 2008. pp. 35-45.
In this paper, we propose and evaluate Use Your Illusion, a novel mechanism for user authentication that is secure and usable regardless of the size of the device on which it is used. Our system relies on the human ability to recognize a degraded version of a previously seen image. We illustrate how distorted images can be used to maintain the usability of graphical password schemes while making them more resilient to social engineering or observation attacks. Because it is difficult to mentally "revert" a degraded image, without knowledge of the original image, our scheme provides a strong line of defense against impostor access, while preserving the desirable memorability properties of graphical password schemes. Using low-fidelity tests to aid in the design, we implement prototypes of Use Your Illusion as i) an Ajax-based web service and ii) on Nokia N70 cellular phones. We conduct a between-subjects usability study of the cellular phone prototype with a total of 99 participants in two experiments. We demonstrate that, regardless of their age or gender, users are very skilled at recognizing degraded versions of self-chosen images, even on small displays and after time periods of one month. Our results indicate that graphical passwords with distorted images can achieve equivalent error rates to those using traditional images, but only when the original image is known.
© All rights reserved Hayashi et al. and/or ACM Press
Changes to this page (author)
23 Nov 2012: Modified
05 Jul 2011: Modified
05 Jul 2011: Modified
08 Sep 2009: Modified
08 Sep 2009: Modified
08 Apr 2009: Modified
12 May 2008: Added
Page maintainer: The Editorial Team