32.3. Security Needs User-Centered Design

Insufficient communication with users produces a lack of a user-centered design in security mechanisms. Many of these mechanisms create overheads for users, or require unworkable user behavior. It is therefore hardly surprising to find that many users try to circumvent such mechanisms.

Requiring users to have a large number of passwords (for multiple applications and change regimes) was found to create serious usability problems. Although change regimes are employed to reduce the impact of an undetected security breach, our findings suggest that they reduce the overall password security in an organization. Users required to change their passwords frequently produce less secure password content (because they have to be more memorable) and disclose their passwords more frequently. Many of the users felt forced into these circumventing procedures, which subsequently decreased their own security motivation. Ultimately, this produces a spiraling decline in users' password behavior ("I cannot remember my password, I have to write it down, everyone knows it's on a Post-it in my drawer, so I might as well stick it on the screen and tell everyone who wants to know"). Organization A was understandably worried to discover such attitudes, as social engineers rely on password disclosure and low security awareness and motivation to breach security mechanisms. The cost associated with resetting passwords in Organization A was one of the visible consequences, prompting the study that is the basis for this article. Recognizing the impact that cognitive overheads introduced by some password mechanisms have on users' security motivation, the security and human factors groups in Organization A have joined forces to develop a user-centered approach to the design of password and other security mechanisms. Such approaches will also have to take into account that the number of passwords required outside the workplace is growing constantly, thus increasing the cognitive load of users.



Security and Usability: Designing Secure Systems That People Can Use
ISBN: 0596008279
Year: 2004
Pages: 295