| | Copyright |
| | Preface |
| | | Goals of This Book |
| | | Audience for This Book |
| | | Structure of This Book |
| | | Conventions Used in This Book |
| | | Safari Enabled |
| | | How to Contact Us |
| | | Acknowledgments |
| | Part I: Realigning Usability and Security |
| | | Chapter One. Psychological Acceptability Revisited |
| | | Section 1.1. Passwords |
| | | Section 1.2. Patching |
| | | Section 1.3. Configuration |
| | | Section 1.4. Conclusion |
| | | Section 1.5. About the Author |
| | | Chapter Two. Why Do We Need It? How Do We Get It? |
| | | Section 2.1. Introduction |
| | | Section 2.2. Product: Human Factors, Policies, and Security Mechanisms |
| | | Section 2.3. Process: Applying Human Factors Knowledge and User-Centered Approaches to Security Design |
| | | Section 2.4. Panorama: Understanding the Importance of the Environment |
| | | Section 2.5. Conclusion |
| | | Section 2.6. About the Authors |
| | | Chapter Three. Design for Usability |
| | | Section 3.1. Death by Security |
| | | Section 3.2. Balance Security and Usability |
| | | Section 3.3. Balance Privacy and Security |
| | | Section 3.4. Build a Secure Internet |
| | | Section 3.5. Conclusion |
| | | Section 3.6. About the Author |
| | | Chapter Four. Usability Design and Evaluation for Privacy and Security Solutions |
| | | Section 4.1. Usability in the Software and Hardware Life Cycle |
| | | Section 4.2. Case Study: Usability Involvement in a Security Application |
| | | Section 4.3. Case Study: Usability Involvement in the Development of a Privacy Policy Management Tool |
| | | Section 4.4. Conclusion |
| | | Section 4.5. About the Authors |
| | | Chapter Five. Designing Systems That People Will Trust |
| | | Section 5.1. Introduction |
| | | Section 5.2. The Trust-Risk Relationship |
| | | Section 5.3. The Time-Course of Trust |
| | | Section 5.4. Models of Trust |
| | | Section 5.5. Trust Designs |
| | | Section 5.6. Future Research Directions |
| | | Section 5.7. About the Authors |
| | Part II: Authentication Mechanisms |
| | | Chapter Six. Evaluating Authentication Mechanisms |
| | | Section 6.1. Authentication |
| | | Section 6.2. Authentication Mechanisms |
| | | Section 6.3. Quality Criteria |
| | | Section 6.4. Environmental Considerations |
| | | Section 6.5. Choosing a Mechanism |
| | | Section 6.6. Conclusion |
| | | Section 6.7. About the Author |
| | | Chapter Seven. The Memorability and Security of Passwords |
| | | Section 7.1. Introduction |
| | | Section 7.2. Existing Advice on Password Selection |
| | | Section 7.3. Experimental Study |
| | | Section 7.4. Method |
| | | Section 7.5. Results |
| | | Section 7.6. Discussion |
| | | Section 7.7. Acknowledgments |
| | | Section 7.8. About the Authors |
| | | Chapter Eight. Designing Authentication Systems with Challenge Questions |
| | | Section 8.1. Challenge Questions as a Form of Authentication |
| | | Section 8.2. Criteria for Building and Evaluating a Challenge Question System |
| | | Section 8.3. Types of Questions and Answers |
| | | Section 8.4. Designing a Challenge Question Authentication System |
| | | Section 8.5. Some Examples of Current Practice |
| | | Chapter Nine. Graphical Passwords |
| | | Section 9.1. Introduction |
| | | Section 9.2. A Picture Is Worth a Thousand Words |
| | | Section 9.3. Picture Perfect? |
| | | Section 9.4. Let's Face It |
| | | Section 9.5. About the Authors |
| | | Chapter Ten. Usable Biometrics |
| | | Section 10.1. Introduction |
| | | Section 10.2. Where Are Biometrics Used? |
| | | Section 10.3. Biometrics and Public Technology: The ATM Example |
| | | Section 10.4. Evaluating Biometrics |
| | | Section 10.5. Incorporating User Factors into Testing |
| | | Section 10.6. Conclusion |
| | | Section 10.7. About the Author |
| | | Chapter Eleven. Identifying Users from Their Typing Patterns |
| | | Section 11.1. Typing Pattern Biometrics |
| | | Section 11.2. Applications |
| | | Section 11.3. Overview of Previous Research |
| | | Section 11.4. Evaluating Previous Research |
| | | Section 11.5. Privacy and Security Issues |
| | | Section 11.6. Conclusion |
| | | Section 11.7. About the Authors |
| | | Chapter Twelve. The Usability of Security Devices |
| | | Section 12.1. Introduction |
| | | Section 12.2. Overview of Security Devices |
| | | Section 12.3. Usability Testing of Security Devices |
| | | Section 12.4. A Usability Study of Cryptographic Smart Cards |
| | | Section 12.5. Recommendations and Open Research Questions |
| | | Section 12.6. Conclusion |
| | | Section 12.7. Acknowledgments |
| | | Section 12.8. About the Authors |
| | Part III: Secure Systems |
| | | Chapter Thirteen. Guidelines and Strategies for Secure Interaction Design |
| | | Section 13.1. Introduction |
| | | Section 13.2. Design Guidelines |
| | | Section 13.3. Design Strategies |
| | | Section 13.4. Conclusion |
| | | Section 13.5. Acknowledgments |
| | | Section 13.6. About the Author |
| | | Chapter Fourteen. Fighting Phishing at the User Interface |
| | | Section 14.1. Introduction |
| | | Section 14.2. Attack Techniques |
| | | Section 14.3. Defenses |
| | | Section 14.4. Looking Ahead |
| | | Section 14.5. About the Authors |
| | | Chapter Fifteen. Sanitization and Usability |
| | | Section 15.1. Introduction |
| | | Section 15.2. The Remembrance of Data Passed Study |
| | | Section 15.3. Related Work: Sanitization Standards, Software, and Practices |
| | | Section 15.4. Moving Forward: A Plan for Clean Computing |
| | | Section 15.5. Acknowledgments |
| | | Section 15.6. About the Author |
| | | Chapter Sixteen. Making the Impossible Easy: Usable PKI |
| | | Section 16.1. Public Key Infrastructures |
| | | Section 16.2. Problems with Public Key Infrastructures |
| | | Section 16.3. Making PKI Usable |
| | | Section 16.4. About the Authors |
| | | Chapter Seventeen. Simple Desktop Security with Chameleon |
| | | Section 17.1. Introduction |
| | | Section 17.2. Chameleon User Interface |
| | | Section 17.3. Chameleon Interface Development |
| | | Section 17.4. Chameleon Implementation |
| | | Section 17.5. Conclusion |
| | | Section 17.6. Acknowledgments |
| | | Section 17.7. About the Authors |
| | | Chapter Eighteen. Security Administration Tools and Practices |
| | | Section 18.1. Introduction |
| | | Section 18.2. Attacks, Detection, and Prevention |
| | | Section 18.3. Security Administrators |
| | | Section 18.4. Security Administration: Cases from the Field |
| | | Section 18.5. Conclusion |
| | | Section 18.6. Acknowledgments |
| | | Section 18.7. About the Authors |
| | Part IV: Privacy and Anonymity Systems |
| | | Chapter Nineteen. Privacy Issues and Human-Computer Interaction |
| | | Section 19.1. Introduction |
| | | Section 19.2. Privacy and HCI |
| | | Section 19.3. Relevant HCI Research Streams |
| | | Section 19.4. Conclusion |
| | | Section 19.5. About the Authors |
| | | Chapter Twenty. A User-Centric Privacy Space Framework |
| | | Section 20.1. Introduction |
| | | Section 20.2. Security and Privacy Frameworks |
| | | Section 20.3. Researching the Privacy Space |
| | | Section 20.4. Privacy as a Process |
| | | Section 20.5. Conclusion |
| | | Section 20.6. About the Author |
| | | Chapter Twenty One. Five Pitfalls in the Design for Privacy |
| | | Section 21.1. Introduction |
| | | Section 21.2. Faces: (Mis)Managing Ubicomp Privacy |
| | | Section 21.3. Five Pitfalls to Heed When Designing for Privacy |
| | | Section 21.4. Discussion |
| | | Section 21.5. Conclusion |
| | | Section 21.6. Acknowledgments |
| | | Section 21.7. About the Authors |
| | | Chapter Twenty Two. Privacy Policies and Privacy Preferences |
| | | Section 22.1. Introduction |
| | | Section 22.2. The Platform for Privacy Preferences (P3P) |
| | | Section 22.3. Privacy Bird Design |
| | | Section 22.4. Privacy Bird Evaluation |
| | | Section 22.5. Beyond the Browser |
| | | Section 22.6. About the Author |
| | | Chapter Twenty Three. Privacy Analysis for the Casual User with Bugnosis |
| | | Section 23.1. Introduction |
| | | Section 23.2. The Audience for Bugnosis |
| | | Section 23.3. Cookies, Web Bugs, and User Tracking |
| | | Section 23.4. The Graphic Identity |
| | | Section 23.5. Making It Simple Is Complicated |
| | | Section 23.6. Looking Ahead |
| | | Section 23.7. Acknowledgments |
| | | Section 23.8. About the Author |
| | | Chapter Twenty Four. Informed Consent by Design |
| | | Section 24.1. Introduction |
| | | Section 24.2. A Model of Informed Consent for Information Systems |
| | | Section 24.3. Possibilities and Limitations for Informed Consent: Redesigning Cookie Handling in a Web Browser |
| | | Section 24.4. Informing Through Interaction Design: What Users Understand About Secure Connections Through Their Web Browsing |
| | | Section 24.5. The Scope of Informed Consent: Questions Motivated by Gmail |
| | | Section 24.6. Acknowledgments |
| | | Section 24.7. About the Authors |
| | | Chapter Twenty Five. Social Approaches to End-User Privacy Management |
| | | Section 25.1. A Concrete Privacy Problem |
| | | Section 25.2. Acumen: A Solution Using Social Processes |
| | | Section 25.3. Supporting Privacy Management Activities with Social Processes |
| | | Section 25.4. Deployment, Adoption, and Evaluation |
| | | Section 25.5. Gaming and Anti-gaming |
| | | Section 25.6. Generalizing Our Approach |
| | | Section 25.7. Conclusion |
| | | Section 25.8. About the Authors |
| | | Chapter Twenty Six. Anonymity Loves Company: Usability and the Network Effect |
| | | Section 26.1. Usability for Others Impacts Your Security |
| | | Section 26.2. Usability Is Even More Important for Privacy |
| | | Section 26.3. Bootstrapping, Confidence, and Reputability |
| | | Section 26.4. Technical Challenges to Guessing the Number of Users in a Network |
| | | Section 26.5. Conclusion |
| | | Section 26.6. About the Authors |
| | Part V: Commercializing Usability: The Vendor Perspective |
| | | Chapter Twenty Seven. ZoneAlarm: Creating Usable Security Products for Consumers |
| | | Section 27.1. About ZoneAlarm |
| | | Section 27.2. Design Principles |
| | | Section 27.3. Efficient Production for a Fast Market |
| | | Section 27.4. Conclusion |
| | | Section 27.5. About the Author |
| | | Chapter Twenty Eight. Firefox and the Worry-Free Web |
| | | Section 28.1. Usability and Security: Bridging the Gap |
| | | Section 28.2. The Five Golden Rules |
| | | Section 28.3. Conclusion |
| | | Section 28.4. About the Author |
| | | Chapter Twenty Nine. Users and Trust: A Microsoft Case Study |
| | | Section 29.1. Users and Trust |
| | | Section 29.2. Consent Dialogs |
| | | Section 29.3. Windows XP Service Pack 2: A Case Study |
| | | Section 29.4. Pop-Up Blocking |
| | | Section 29.5. The Ideal |
| | | Section 29.6. Conclusion |
| | | Section 29.7. About the Author |
| | | Chapter Thirty. IBM Lotus Notes/Domino: Embedding Security in Collaborative Applications |
| | | Section 30.1. Usable Secure Collaboration |
| | | Section 30.2. Embedding and Simplifying Public Key Security |
| | | Section 30.3. Designing Security Displays |
| | | Section 30.4. User Control of Active Content Security |
| | | Section 30.5. Conclusion |
| | | Section 30.6. About the Author |
| | | Chapter Thirty One. Achieving Usable Security in Groove Virtual Office |
| | | Section 31.1. About Groove Virtual Office |
| | | Section 31.2. Groove Virtual Office Design |
| | | Section 31.3. Administrators' Strengths and Weaknesses |
| | | Section 31.4. Security and Usability |
| | | Section 31.5. About the Authors |
| | Part VI: The Classics |
| | | Chapter Thirty Two. Users Are Not the Enemy |
| | | Section 32.1. The Study |
| | | Section 32.2. Users Lack Security Knowledge |
| | | Section 32.3. Security Needs User-Centered Design |
| | | Section 32.4. Motivating Users |
| | | Section 32.5. Users and Password Behavior |
| | | Section 32.6. About the Authors |
| | | Chapter Thirty Three. Usability and Privacy: A Study of KaZaA P2P File Sharing |
| | | Section 33.1. Introduction |
| | | Section 33.2. Usability Guidelines |
| | | Section 33.3. Results of the Cognitive Walkthrough |
| | | Section 33.4. A Two-Part User Study |
| | | Section 33.5. Conclusion |
| | | Section 33.6. Acknowledgments |
| | | Section 33.7. About the Authors |
| | | Chapter Thirty Four. Why Johnny Can't Encrypt |
| | | Section 34.1. Introduction |
| | | Section 34.2. Understanding the Problem |
| | | Section 34.3. Evaluation Methods |
| | | Section 34.4. Cognitive Walkthrough |
| | | Section 34.5. User Test |
| | | Section 34.6. Conclusion |
| | | Section 34.7. Related Work |
| | | Section 34.8. Acknowledgments |
| | | Section 34.9. About the Authors |
| | Colophon |
| | | About the Editors |
| | | Colophon |
| | Index |