The heightened interest in website authentication technologies is fueled by a rise in cybercrimes, such as phishing, and US federal regulations that require financial websites to use two-factor authentication [2, 7]. Website authentication technologies attempt to solve one direction of the mutual authentication problem on the Internet by either altering the login process or providing the user with supplemental information. The primary usability questions in website authentication are how does a website communicate to the user it is the real site and how does a user identify a malicious website? Usability plays a major factor in the effectiveness of the technology but receives little attention during development.
To facilitate usability evaluations, we present RUST, a Retargetable USability Testbed which is a testbed composed of a usability study design and a test harness for the test environment. First we discuss prior work in the area and then we describe the design process for the usability study. Next, we describe the test harness. Finally, we present results from two usability studies conducted at Columbia to illustrate how we validated RUST.