Performance and Usability of Visual and Verbal Verification of Word-based Key Fingerprints
This work addresses usability and security for users of messaging applications who need to verify keys remotely, but it is incremental as it builds on existing key fingerprint methods.
The study investigated whether visual or verbal comparisons of word-based key fingerprints are more effective for manual key verification in messaging apps, finding that visual comparisons reduce non-security critical errors and increase confidence, while verbal comparisons are perceived as easier and less mentally demanding.
The security of messaging applications against person-in-the-middle attacks relies on the authenticity of the exchanged keys. For users unable to meet in person, a manual key fingerprint verification is necessary to ascertain key authenticity. Such fingerprints can be exchanged visually or verbally, and it is not clear in which condition users perform best. This paper reports the results of a 62-participant study that investigated differences in performance and perceived usability of visual and verbal comparisons of word-based key fingerprints, and the influence of the individual's cognitive learning style. The results show visual comparisons to be more effective against non-security critical errors and are perceived to provide increased confidence, yet participants perceive verbal comparisons to be easier and require less mental effort. Besides, limited evidence was found on the influence of the individual's learning style on their performance.