Moving from the design of usable security technologies to the design of useful secure applications

Authors:
D. K. Smetters;R. E. Grinter
Affiliations:
PARC, Palo Alto, CA;PARC, Palo Alto, CA
Venue:
Proceedings of the 2002 workshop on New security paradigms
Year:
2002

Citing 20
Cited 27

Why CSCW applications fail: problems in the design and evaluationof organizational interfaces

CSCW '88 Proceedings of the 1988 ACM conference on Computer-supported cooperative work
Design patterns: elements of reusable object-oriented software

Design patterns: elements of reusable object-oriented software
Supporting articulation work using software configuration management systems

Computer Supported Cooperative Work - Special issue on studies of cooperative design
The Emperor's old armor

NSPW '96 Proceedings of the 1996 workshop on New security paradigms
User-centered security

NSPW '96 Proceedings of the 1996 workshop on New security paradigms
Refactoring: improving the design of existing code

Refactoring: improving the design of existing code
Users are not the enemy

Communications of the ACM
Optimistic security: a new access control paradigm

Proceedings of the 1999 workshop on New security paradigms
Pretty good persuasion: a first step towards effective password security in the real world

Proceedings of the 2001 workshop on New security paradigms
Security Engineering: A Guide to Building Dependable Distributed Systems

Security Engineering: A Guide to Building Dependable Distributed Systems
Contextual Design: Defining Customer-Centered Systems

Contextual Design: Defining Customer-Centered Systems
Using speakeasy for ad hoc peer-to-peer collaboration

CSCW '02 Proceedings of the 2002 ACM conference on Computer supported cooperative work
Transforming the 'Weakest Link' — a Human/Computer Interaction Approach to Usable and Effective Security

BT Technology Journal
At Home with Ubiquitous Computing: Seven Challenges

UbiComp '01 Proceedings of the 3rd international conference on Ubiquitous Computing
Usability meets security - the Identity-Manager as your personal security assistant for the Internet

ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
Why Information Security is Hard-An Economic Perspective

ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Déjà Vu: a user study using images for authentication

SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
The design and analysis of graphical passwords

SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Why Johnny can't encrypt: a usability evaluation of PGP 5.0

SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Establishing identity without certification authorities

SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6

Using speakeasy for ad hoc peer-to-peer collaboration

CSCW '02 Proceedings of the 2002 ACM conference on Computer supported cooperative work
In Search of Usable Security: Five Lessons from the Field

IEEE Security and Privacy
A PIN-entry method resilient against shoulder surfing

Proceedings of the 11th ACM conference on Computer and communications security
Security in the wild: user strategies for managing security as an everyday, practical problem

Personal and Ubiquitous Computing
Hardening Web browsers against man-in-the-middle and eavesdropping attacks

WWW '05 Proceedings of the 14th international conference on World Wide Web
Security and usability engineering with particular attention to electronic mail

International Journal of Human-Computer Studies - Special isssue: HCI research in privacy and security is critical now
Authentication interface evaluation and design for mobile devices

InfoSecCD '05 Proceedings of the 2nd annual conference on Information security curriculum development
Share and share alike: exploring the user interface affordances of file sharing

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Secrecy, flagging, and paranoia: adoption criteria in encrypted email

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Divide and conquer: the role of trust and assurance in the design of secure socio-technical systems

NSPW '05 Proceedings of the 2005 workshop on New security paradigms
Pictures at the ATM: exploring the usability of multiple graphical passwords

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
The psychology of security

Communications of the ACM - The psychology of security: why do good users make bad decisions?
Sesame: informing user security decisions with system visualization

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Keyholes: selective sharing in close collaboration

CHI '08 Extended Abstracts on Human Factors in Computing Systems
Quantitative risk-based security prediction for component-based systems with explicitly modeled attack profiles

Journal of Systems and Software
Experiences with recombinant computing: Exploring ad hoc interoperability in evolving digital networks

ACM Transactions on Computer-Human Interaction (TOCHI)
Usability for IT: manageability of data security technologies for client devices

ICCOMP'08 Proceedings of the 12th WSEAS international conference on Computers
Security automation considered harmful?

NSPW '07 Proceedings of the 2007 Workshop on New Security Paradigms
Usable security: User preferences for authentication methods in eBanking and the effects of experience

Interacting with Computers
A sense of security in pervasive computing: is the light on when the refrigerator door is closed?

FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
User interface models for the cloud

UIST '10 Adjunct proceedings of the 23nd annual ACM symposium on User interface software and technology
An empirical study on the usability of logout in a single sign-on system

ISPEC'05 Proceedings of the First international conference on Information Security Practice and Experience
Instant matchmaking: simple and secure integrated ubiquitous computing environments

UbiComp'06 Proceedings of the 8th international conference on Ubiquitous Computing
Security versus convenience? An experimental study of user misperceptions of wireless internet service quality

Decision Support Systems
Risk communication design: video vs. text

PETS'12 Proceedings of the 12th international conference on Privacy Enhancing Technologies
A method for incorporating usable security into computer security courses

Proceeding of the 44th ACM technical symposium on Computer science education
Towards an efficient verification approach on network configuration

Proceedings of the 8th International Conference on Network and Service Management

Quantified Score

Hi-index	0.00

Visualization

Abstract

Recent results from usability studies of security systems have shown that end-users find them difficult to adopt and use. In this paper we argue that improving the usability of security technology is only one part of the problem, and that what is missed is the need to design usable and useful systems that provide security to end-users in terms of the applications that they use and the tasks they want to achieve. We propose alternate ways of building and integrating security technologies into applications and usability methods for evaluating how successful our prototypes are. We believe that the end results of designing usable and useful (from the end-user perspective) systems will be secure applications which will reflect the needs of users who are increasingly using computers away from the office and in a wider variety of networked configurations.