Usability

Goals

  • Understand how a lack of usability can lead to a lack of security
  • Explain why secure usability is hard
  • Develop three strategies for usable security

Overview

  • Why should secure systems consider usability?
  • How can a lack of usability lead to insecurity?

Why is Usable Security Hard?

Security Terminology

  • How do mental models impact security?
  • How do the mental models of security experts differ from those of ordinary users?

Complexity

  • What are four things that can make a system not usable?
  • How should we assess the complexity of a system?
    • How do we compare it to other alternatives?

Security as a Secondary Task

  • Why is security a secondary task?
  • What impact does that have?

Designing for Usable Security

Make it Invisible

  • What is User-Driven Access Control?
  • How do Access Control Gadgets work?
    • Why do they provide user-driven access control?
  • How did most file download prompts become invisible?

Better Interfaces

  • What are some factors that make a dialog box a poor user interface?
  • How can warnings be made usable?
  • How does the design of a warning affect real security situations, like phishing?

User Education

  • Why is it challenging?
  • How can you get people to pay attention?
  • How does PhishGuru work?
  • How was it evaluated?

Social Engineering

  • What is social engineering?
  • What are some common techniques?
  • How can we defend against it?