LetsHash Flashcards
Letshash User study - design
3 Tasks and survey
1. Password storage
2. Password policies
3. 2FA
3 groups: Lets hash, Lets hash wizard, control group
Letshash User study - results
Lets Hash: Developers liked it, produced significantly better results, usable and secure
One size does not fit all: security warning types - Setup
Qualitative part: interviews with professionals and students
Grounded theory using Charmaz
Quantitative part: online survey with 50 devs
Tests developed themes and explanations from GT
Refined func vs sec by sampling more people that considered security and functionality equally important
Security warning
computer dialog communication that warns for potential risks
- user can encounter while programming and be annoyed
- can increase security
- static tools little used because of bad integration into workflow
Types of warnings
Markers, Compiler warnings, Security views, Plugin views, Pop ups, Commit warning
Results
Markers: Tended to ignore them, difficult to find in large code base, preferred color for security warnings
Views: IDEs already overloaded, hard to find, some liked it
Compiler warnings: Easy to overlook as compilers are printing a lot of output, can be useful, does not interrupt development
PopUp: Distracting, annoying, only for very important warnings
Commit warning: Least distracting, good in workflow
Preferred time: During coding on demand, before committing
Preferences varied.