Robert Biddle

Carleton University · School of Computer Science

The principles in the Agile Manifesto, the Scrum Guide and most other approaches to agile software development emphasize self-organizing teams, but rarely address issues of leadership. In this paper we report on a study of the nature of different aspects of leadership in agile teams. We used an established model of leadership, distinguishing transa...

Visual appeal has been shown to influence perceptions of usability and credibility, and we hypothesize that something similar is happening with user judgments of website security: What is beautiful is secure . Web certificates provide reliable information about a website’s level of security, presented in browser interfaces. Users should use this to...

roman xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> Background: Data breaches happen when an unauthorized party gains access to personally identifiable information. They are becoming more common and impactful, raising serious concerns for individuals as well as companies. Literature review: Although t...

This chapter deals with the Manifesto’s principle of self-organizing teams. In recent work, the authors examine the state of practice using data from a study of software professionals in Switzerland, especially addressing the issue of overall satisfaction. The chapter reveals that the most striking correlation to satisfaction is the level of adopti...

This paper explores how cultural attitudes and practices affect the design and usability of security software. Cultural differences cause users from eastern and western cultures to behave differently and sometimes insecurely with the same security tools because of dissimilar beliefs and understanding. Using the emics-etics framework to guide our ex...

In this paper we address the topic of software development team members satisfaction with their development process. We present an in-depth analysis of the results of a nationwide survey about software development in Switzerland. We wanted to find out if satisfaction relates to the applied development method, and to the use of various practices, an...

The Collaborative Learning of Usability Experiences (CLUE) training program1 is an NSERC CREATE grant that trains Canada's leaders in HCI. We aim to improve our trainees' capabilities across the disciplinary boundaries (Information Technology, Psychology, Computer Science, and Design), through collaborative professional skills development, experien...

VeraCrypt is a popular free and open source file encryption software that encrypts disks and partitions. It has known usability issues which limit its reach to a wider audience. One way of improving its usability is to better support user mental models by changing the functionality description. We did a Cognitive Walkthrough with usability experts...

A “deep” approach to education requires considering the non-linear connections between concepts, which is difficult to do with the standard linear textbook format. Guided by the cognitive science literature, we designed a format for a new, non-linear e-textbook format, and implemented a high fidelity prototype. We tested this prototype with end-use...

The principles behind the Agile Manifesto begin with "Our highest priority is to satisfy the customer...". It also states that Agile projects should be build around motivated and self-organized teams, which might also lead to more satisfied developers. Several studies indeed report an increased job satisfaction by anecdotal evidence. In this paper...

With increasing use of technology and the Internet among children, we explore how they create passwords to protect their personal information. We conducted a study with children 11 to 13 years to understand their password practices. The results of the study indicated that these children create simple passwords consisting of their personal informati...

In this paper we address the topic of satisfaction by analysis of the results of a national survey of software development in Switzerland. We found that satisfaction is reported more by those using Agile development than with plan-driven processes. We explored how satisfaction relates to other elements in the development process, including the use...

Two main concepts in Agile software development are self-organized teams and direct contact with the customer or Product Owner. Additionally, constant feedback on different levels is considered to be of high importance. With constant feedback, transparency goes hand-in-hand. Compared to traditional software development, Agile approaches have much h...

Stress is an important workplace issue, affecting both the health of individuals, and the health of organizations. Early advocacy for Agile Software Development suggested it might help avoid stress, with practices that emphasize a sustainable pace, and self-organizing teams. Our analysis of a 2014 survey, however, suggested that stress might still...

Managing passwords is a difficult task for users, who must create, remember, and keep track of large numbers of passwords. In this work, we investigated users’ coping strategies for password management. Through a series of interviews, we identified a “life cycle” of password use and find that users’ central task in coping with their passwords is ra...

Recent initiatives in software development process have stressed the importance of better integration of different aspects of the overall process. Agile methods have linked business analysis and development, and DevOps better connects development with operational deployment. In our recent studies, however, we found little integration with another a...

We studied the nature of incident response teams in seven Operations Centers of varying size and types including service providers, a Security Operations Center, a Data Center, and two military training Operations Centers. All responded to incidents by forming teams. We asked: what is the context of incident response work? how can we model incident...

Developing applications for touch devices is hard. Developing touch based applications for multi-user input is harder. The Multi-Touch for Java (MT4j) toolkit supports developing touch based applications for multiple users. In this paper, we outline our experience using MT4j for developing a number of software applications to support developers wor...

We designed an information visualization about phishing trends and phishing prevention for the general public to examine the effects of interactivity on information finding, user perceptions and security behaviour intentions, and effectiveness of learning. In an user study (N = 30) with two experimental conditions (HI – high interactivity, and LO –...

Experts are often asked for advice about password management, but how do they manage their own passwords? We conducted interviews with researchers and practitioners in computer security, asking them about their password management behaviour. We conducted a thematic analysis of our data, and found that experts described a dichotomy of behaviour wher...

Agile software development is characterized by very intensive communication and collaboration among members of the software development team and external stakeholders. In this context, we look specifically at cardwalls, noting that despite the wide availability of digital cardwalls, most Agile teams still use physical cardwalls to support their col...

This chapter relates to human factors in computer security, and how surface technology might support security analysis. This specific domain allowed us to investigate surface application design and development in an established context, and thus learn how the real needs of the domain might best be supported. Throughout, we were fortunate to have pa...

Purpose – This paper aims to propose that more useful novel schemes could develop from a more principled examination and application of promising authentication features. Text passwords persist despite several decades of evidence of their security and usability challenges. It seems extremely unlikely that a single scheme will globally replace text...

Surface computing encourages exploratory interaction, and many applications are designed to work this way. In essence, the fluid interaction causes the user to ask “What if?” We suggest this requires support for recording the history of such explorations and allowing reversion to earlier states. There are currently a variety of related mechanisms,...

Large displays facilitate collaboration, by allowing multiple co- located users to view and discuss content. Throughout our research with the ACH Walkthrough software [14] we discovered that one common interaction is gesturing and pointing at the screen as if attempting to markup content they are discussing. In response to this interaction, we deve...

To solve the long-standing problems users have in creating and remembering text passwords, a wide variety of alternative authentication schemes have been proposed. Some of these schemes outperform others by various metrics in various contexts. However, none unilaterally outperform all others, and so text passwords persist as the main scheme applica...

This paper presents ACH Walkthrough, a prototype software client server application to demonstrate the potential benefits of surface technologies in collaborative security intelligence analysis. The basis is the ACH (Analysis of Competing Hypotheses) technique, which requests factors relating to evidence and hypotheses, and builds a model that redu...

The problems with passwords are well-known: secure passwords are difficult to remember, users have too many passwords, and users have difficulty matching their passwords to accounts. Password managers and cued graphical passwords are two password solutions that address the issues of memorability and keeping track of of passwords. We have developed...

We study complex work environments to enable innovative improvements. In this paper we report on a technique we have created to depict the complex work environments of operators in IT operations control centers, developed after a 3-day field study in a large operations center. Because of security issues and tight time constraints on the operators'...

Most software development tools and applications are designed from a single-user perspective and are bound to the desktop and Integrated Development Environments (IDEs). These tools and applications make it hard for developers to analyse and interact with software artifacts collaboratively. We present SourceVisa multi-user collaborative software vi...

Users are susceptible to password guessing attacks when they create weak passwords. Despite an abundance of text-based password advice, it appears insufficient to help home users create strong memorable passwords. We propose that users would be empowered to make better password choices if they understood how password guessing attacks work through v...

Graphical passwords are an alternative form of authentication that use images for login, and leverage the picture superiority effect for good usability and memorability. Categories of graphical passwords have been distinguished on the basis of different kinds of memory retrieval (recall, cued-recall, and recognition). Psychological research suggest...

Study of images, in contexts as widespread as medicine, geography, and art history, demands attention to detail and exercise of memory. Presented with traditional textbooks, students have difficulty concentrating for the long periods of time needed to absorb the information. This paper presents a sketch-based game for learning images. We tested the...

Data operations and command centers are crucial for managing today's Internet-based economy. Despite advances in automation, the challenges placed on operations professionals continue to increase as they work individually or in teams to repair or proactively avoid service disruptions. Although there have been a few studies of collaborative work in...

Data operations and command centers are crucial for managing today's Internet-based economy. Despite advances in automation, the challenges placed on operations professionals continue to increase as they work individually or in teams to repair or proactively avoid service disruptions. Although there have been a few studies of collaborative work in...

The goal of this chapter is to look at designing surface technology applications to enable collaborative analysis work through a variety of theoretical lenses to illustrate how those theories can be used.

In domains where the technology infrastructure is rapidly changing, interaction design and software development are closely linked activities. In this chapter we first briefly review a few good approaches to the development process that address issues pertinent to surface applications for analysis work. We then discuss user interaction toolkits for...

Our review of the use of surface technologies for collaborative work summarized the most recent literature and then identified issues that suggest gaps and challenges for future research. We reviewed issues to do with technology, both hardware and software, making the point that this area is developing very rapidly. We also emphasized that large mu...

Buxton has emphasized that, at a minimum, the primary task of collaboration should not be impeded by technologies designed to support them [106]. Ideally, collaborative technologies should enable workflow.

In this chapter we first focus on large surface technologies, emphasizing those that have gone beyond the research lab and have become widely available. We then consider systems designed for analysis of large-scale data, especially where the analysis involves large-scale displays and collaboration. Our goal is to position these two elements, surfac...

Collaboration is an important aspect of software creation work. In field studies of 8 teams in the early stages of novel project work at 8 organizations we focused on understanding collaborative work from the perspective of both the interaction designer and the developer. We found designer-developer collaborations, often occurring in the context of...

In our work, we examine ways to apply work on graphical passwords to password management and other aspects of web security. We hope that applying knowledge from end-user computing will help to design more secure and usable systems.

Numerous graphical password schemes have re-cently been proposed as alternatives to traditional text pass-word authentication. We provide a comprehensive overview of published research in the area, covering both usability and security aspects, as well as system evaluation. The paper first catalogues existing approaches, highlighting novel features...

Text-based password systems are the authentication mechanism most commonly used on computer systems. Graphical passwords have recently been proposed because the pictorial-superiority effect suggests that people have better memory for images. The most widely advocated graphical password systems are based on recognition rather than recall. This appro...

When people choose to engage in an online activity, such as doing their banking online, or making a purchase through an online merchant, they are making a trust decision about the supplier and source of the website in question. It appears that a large majority of users commonly place their trust in most, if not all, websites they encounter, and thi...

This paper presents an integrated evaluation of the Persuasive Cued Click-Points graphical password scheme, including usability and security evaluations, and implementation considerations. An important usability goal for knowledge-based authentication systems is to support users in selecting passwords of higher security, in the sense of being from...

MVP is a framework allowing websites to use diverse knowledge-based authentication schemes. One application is its use in conducting ecologically valid user studies of authentication under the same experimental conditions. We introduce MVP and its key characteristics, discuss several authentication schemes, and offer lessons learned from running 9...

We studied collaborating interface designers and software developers engaged in multidisciplinary software creation work. Twenty-one designers and developers in 8 organizations were interviewed to understand how each specialist viewed team interactions. We also shadowed most participants as they worked on novel software projects with user interface...

Starting around 1999, a great many graphical password schemes have been proposed as alterna-tives to text-based password authentication. We provide a comprehensive overview of published research in the area, covering both usability and security aspects, as well as system evaluation. The paper first catalogues existing approaches, highlighting novel...

Graphical passwords are a novel method of knowledge-based authentication that shows promise for improved usability and memorability. This paper presents two studies that examined the effect of image type in cognometric, recognition-based graphical passwords. Specifically, the usability of such authentication schemes was explored at security levels...

Most software visualization systems and tools are designed from a single-user perspective and are bound to the desktop and Integrated Development Environments (IDEs). These design decisions do not allow users to easily navigate through software visualizations or to analyse software collaboratively. We have developed SourceVis, a collaborative multi...

Despite all efforts, password schemes intended to deploy or encourage the use of strong passwords have largely failed. As an alternative to enable users to create, maintain, and use high-quality passwords willingly, we propose Object-based Password (ObPwd), leveraging the universe of personal or personally meaningful digital content that many users...

In this paper we introduce StoryTrek, a locative hypernarrative system developed to generate stories based on a reader's location and specific movements in the real world. This creates, for readers, an interplay between navigation, narrative, and agency, as well as between the fictional and real world experience. In early tests we observed the emer...

Agile processes emphasize collaboration. We were interested in studying collaboration in agile teams including interaction designers, since the integration of user interaction design processes and software development processes is still an open issue. This study focused on designer and developer collaborations in the early stages of project work at...

Graphical passwords have been proposed to address known problems with traditional text passwords. For example, memorable user-chosen text passwords are predictable, but random system-assigned passwords are difficult to remember. We explore the usability effects of modifying system parameters to increase the security of a click-based graphical passw...

Digital audio workstations (DAWs) such as Digidesign Pro Tools, Apple Logic, and Ableton Live are the cornerstone of composition, recording, editing, and performing activities for producers working in popular music (Théberge 1997). Human-computer interaction (HCI) research has a unique challenge in understanding the activities of professional music...

Most software visualization tools are designed from a single-user perspective and are bound to the desktop, IDEs, and the web. Few tools are designed with sufficient support for the social aspects of software engineering such as collaboration, communication, and awareness. Our research aims at supporting co-located collaborative software analysis u...

Click-based graphical passwords are a new method of authentication where passwords are created and entered by clicking in particular places on an image. This paper presents a study that investigated eye tracking as a potential threat to the security of such passwords. If the gaze data from people looking at an image resembles the click-points of ot...

There are few visualization techniques for displaying complex software systems with large numbers of packages and classes. One visualization technique is the System Hotspots View, whose effectiveness has yet to be validated by any empirical studies. We have conducted a user evaluation to see whether participants of our modified System Hotspots View...

We present Cued Gaze-Points (CGP) as a shoulder-surfing resistant cued-recall graphical password scheme where users gaze instead of mouse-click. This approach has several advantages over similar eye-gaze systems, including a larger password space and its cued-recall nature that can help users remember multiple distinct passwords. Our 45-participant...

Click-based graphical passwords have been proposed as alternatives to text-based passwords, despite being potentially vulnerable to shoulder-surfing, where an attacker can learn passwords by watching or recording users as they log in. Cued Gaze-Points (CGP) is a graphical password system which defends against such attacks by using eye-gaze password...

This chapter explores the reality of the customer role - a critical, complex, and demanding role on agile teams. Despite initial difficulties, customers love agile development and would not do it any other way, but they also encountered many difficulties in their day-to-day work. In this chapter we describe the practices that have emerged to ensure...