Researchers at Brigham Young University have learned that most users of popular messaging apps Facebook Messenger, What’sApp and Viber are leaving themselves exposed to fraud or other hacking because they don’t know about or aren’t using important security options. Even though What’sApp and Viber encrypt messages by default, all three messaging apps also require what’s called an authentication ceremony to ensure true security. And without that ceremony "it is possible that a malicious third party or man-in-the middle attacker can eavesdrop on their conversations."
In a two-phase experiment, users were instructed to share a credit card number with another participant. Only 14 percent of users successfully managed to authenticate their recipient. In the second phase, they were asked to do the same, but this time researchers emphasized the importance of authentication ceremonies. With that prompting, 79 percent of users were able to successfully authenticate the other party. Despite the increase, participants averaged 11 minutes to authenticate their partners.
I don't personally use any of these apps so I can't directly comment on the authentication process. It is nice that these apps do provide such a ceremony to make sure the messages stay secure, but having them buried on average 11 minutes away is ridiculous.
Because most people don’t experience significant security problems, both professors agreed, it’s hard to make a case for them investing the time and effort to understand and use security features that applications offer. But because there’s always a risk in online communications, Seamons added, "we want to make it much easier to do and cut that time way down."
In a two-phase experiment, users were instructed to share a credit card number with another participant. Only 14 percent of users successfully managed to authenticate their recipient. In the second phase, they were asked to do the same, but this time researchers emphasized the importance of authentication ceremonies. With that prompting, 79 percent of users were able to successfully authenticate the other party. Despite the increase, participants averaged 11 minutes to authenticate their partners.
I don't personally use any of these apps so I can't directly comment on the authentication process. It is nice that these apps do provide such a ceremony to make sure the messages stay secure, but having them buried on average 11 minutes away is ridiculous.
Because most people don’t experience significant security problems, both professors agreed, it’s hard to make a case for them investing the time and effort to understand and use security features that applications offer. But because there’s always a risk in online communications, Seamons added, "we want to make it much easier to do and cut that time way down."