Chapter Three. Design for Usability


Bruce Tognazzini

THE GOAL OF SECURITY IS NOT TO BUILD SYSTEMS THAT ARE THEORETICALLY SECURABLE, but to build ones that are actually secure. This requires a combination of the theoretical and the practical. It requires close examination not only of the technology, but also of the human beings that will use it.

We can easily require users to supply passwords that are theoretically unbreakablefor example, 50 characters of random ASCII databut we must consider the capabilities and habits of real people. Everyone would immediately post their password on a little piece of paper on their monitor, then spend hours trying to enter it accurately, their errors hidden by those delightful little dots that march across our screens.

Even closing every possible loophole in the system cannot provide perfect security. Dedicated and knowledgeable spies will install software of their own, such as keyboard "sniffers" that report back every entry typed, circumventing the most elaborate precautions. The poor user ends up the victim in all this, battered by impossible memory and accuracy demands.

Fortunately, there's a solution to such misfortune. In this chapter, we'll look at ways of balancing security and usability, security and privacy, and how to achieve a comprehensive security plan that works by considering both internal and external factors. Finally, I will propose a way of rethinking security issues so that our solutions will offer real security, rather than just the appearance of security.



Security and Usability. Designing Secure Systems that People Can Use
Security and Usability: Designing Secure Systems That People Can Use
ISBN: 0596008279
EAN: 2147483647
Year: 2004
Pages: 295

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net