What is Usable Security? A Literature Review.
In “A Brief Introduction to Usable Security” by Bryan D. Payne and W. Keith Edwards, the authors provide an overview of research in usable computer security, focusing on user authentication and email encryption. They highlight the tension between usability and security in authentication systems, discussing various techniques such as passphrases, cognitive passwords, and graphical passwords. The authors emphasize the need for a balance between usability and security when designing authentication methods. In the context of email encryption, they discuss the historical development of encryption technologies like PEM, PGP, and S/MIME, noting the low adoption rates due to usability challenges. The authors reference empirical studies that reveal usability issues faced by users when using encryption technologies and propose the need for new guidelines to improve usability in security applications.
The paper also addresses usable security design, referring to guidelines proposed by Ka-Ping Yee, which encompass aspects such as the path of least resistance, active authorization, revocability, and visibility. Usable security emphasizes the importance of making security systems and processes transparent and easily understandable to users. Some successful design examples include the Salmon file permissions interface for Windows XP and the Network-in-a-Box system for secure wireless network setup. These designs align with the guidelines and enhance user security.
Conversely, flawed designs such as the Kazaa file-sharing interface and the Eudora PGP Encryption Plug-in are discussed, highlighting how their usability problems compromised security. The authors emphasize the importance of considering usability when designing security systems, so that a balance between usability and security is achieved.