Section 13.4. Conclusion

13.4. Conclusion

This chapter has offered advice at two levels: the guidelines describe qualities that usable secure software should have, and the strategies describe ways to design software with those qualities. Although these strategies address only some of the guidelines and are far from a complete solution, they have been effective in many situations. As we saw in our discussion of how phishing exploits email's weaknesses, integrating with insecure installed systems yields some of the toughest design problems and can prevent the direct application of these strategies. Even in such cases, the guidelines and strategies can help highlight vulnerable areas of a system and improve the design of countermeasures.

The theme of user initiation links the two strategies presented here. With security by designation, the user proactively designates an action instead of reacting to a notification that appears out of context. With user-assigned identifiers, the user proactively assigns names instead of reacting to names that are controlled by another party. Security based on actions initiated by the user more accurately captures the user's intentions than security based on the user's response to external stimuli. When the user initiates, security works for the user instead of the user working for security.