Security and usability

Discussion articles

  • Beyond surface credibility online
    In an online world full of Adware, Browser Hijackers, Dialers, Trojans, Drive-by Downloading, Viruses, Worms, Spam, and Phishers, credibility is increasingly difficult to develop and maintain.

  • Cracking password usability: exploiting human memory to create secure and memorable passwords
    Keeping track of passwords is a challenge that we all face. Ideally, the passwords that we use should be both secure and memorable. But there is a constant tension between the security and the usability of the passwords in password selection.

  • Password usability and typability
    There is a tension between usability and security. Nowhere is that more obvious than with passwords.

  • People's bad password habits exposed
    Psychology researchers have studied how people choose passwords and confirm security experts' worst fears.

  • Pictures as passwords
    Passwords are a cheap, cheerful and ancient security measure. But might it make more sense to use pictures instead?

  • Secure interaction design
    Usability and security aren't contrary goals; don't assume that you must sacrifice one for the sake of the other. In fact, a system that's hard to understand and use will almost certainly have security problems in practice. And a more secure system is a more reliable, more effective system: hence, a more usable system.

  • Security and human factors
    A big lie of computer security is that security improves as password complexity increases. In reality, users simply write down difficult passwords, leaving the system vulnerable. Security is better increased by designing for how people actually behave.

  • The paradox of usable security
    My colleague at Serco Usability Services, Simon Herd, has been working on banking applications for over a decade and has been considering the implications of security usability. I'd like to share his thoughts on the subject with you.

  • User education is not the answer to security problems
    Internet scams cannot be thwarted by placing the burden on users to defend themselves at all times. Beleaguered users need protection, and the technology must change to provide this.

  • Yes, Virginia, security affects usability
    In this installment of The Cranky User, Peter Seebach looks at how security affects usability and offers some background information on the threats computers face: types of attacks, types of security holes, and how these problems affect users.

Research articles

  • Password security: what users know and what they actually do
    "This study investigated the common password generation practices of online users. Three hundred and fifteen undergraduate and graduate students completed a survey querying (1) the types and number of different password protected accounts maintained; (2) actual practices used in generating, storing and using passwords; (3) practices believed they should use in generating and storing passwords; and (4) general demographic information. Results indicate that, in general, users do not vary the complexity of passwords depending on the nature of the site (bank account vs. instant messenger) or change their passwords on any regular basis if it is not required by the site. Users report using lower case letters, numbers or digits, personally meaningful numbers and personally meaningful words when creating passwords, despite the fact that they realize that these methods may not be the most secure."
    (Shannon Riley - Usability News)

Bibliographies

  • Usability of computer security: a bibliography
    This is a collection of references relating to the usability of computer security that contains two types of papers: some are from the security literature and relate to user interfaces or the usability of security systems, while others are from the HCI literature and relate to privacy, user needs or user studies of security systems.