Experts Are Not Infallible – The Need for Usable System Security
Author(s): Matthew Smith
Date: 27 Jul 2015
Document Type: Briefing Papers
Associated Event: NDSS Symposium 2015
Many aspects of information security combine technical and human factors. If a highly secure system is unusable, users will try to circumvent the system or migrate entirely to less secure but more usable systems. Problems with usability are a major contributor to many recent high-profile security failures. The research domain of usable security and privacy addresses these issues. However, the main focus of researchers in this field has been on the “non-expert” end user. After placing this issue in the context of current research, the presenter will argue that greater attention needs to be paid to the human aspects of system security and the administrators and developers involved in it. The talk will use TLS as an example to illustrate usable security and privacy issues across all levels and for all actors involved in the system.