Section 31.4. Security and Usability | Security and Usability: Designing Secure Systems That People Can Use

31.4. Security and Usability

Like all systems, Groove makes tradeoffs between security and usability to achieve the user's goals. And like all security software engineers, we know that the user is often the weakest link in the system. But instead of only preventing the user from performing insecure actions or forcing the user to learn proper security protocols, we chose to flexibly adapt our security around the strengths and weaknesses of users and the environment in which they work.

CORE PRINCIPLES

Design for the strengths and weaknesses of the user. A flexible approach to security is significantly stronger than one that imposes security on the user.
Do not force users to be administrators.
Remember that administrators are users too.
Build in the highest possible security from day oneit will be harder to add it later.
Design the user interface so that it is similar to those of existing popular systems. User confusion leads to security compromises.
Ensure that security features meant for one user group do not negatively impact the usability for another group.

When we started the design of Groove Virtual Office, the twin goals of high security and high usability seemed mutually exclusive. Security and usability are disciplines that are half art and half science. There are no algorithms to ensure the security of a system, any more than there are algorithms that guarantee usability. But in both disciplines, the first principle is the same: design for the strengths and weaknesses of the user. Once we adopted this view into our design process, reconciling the two disciplines was easier.