Usable Security

Andrea Atzeni (Politecnico di Torino, Italy), Shamal Faily (Bournemouth University, UK) and Ruggero Galloni (Square Reply S.r.l., Italy)
Copyright: © 2018 |Pages: 10
DOI: 10.4018/978-1-5225-2255-3.ch433


The increased availability of information and services has led to the Internet involvement of a large segment of the population. This implied a paradigm shift for computer security: users become less skilled and security aware, requiring easier interfaces to communicate with “the machine” and more specific and comprehensible security measures. These two aspects, which are by themselves complex and challenging, have significant reciprocal influence. In practice, it has proven very intriguing to study and propose effective trade-offs among them. This chapter focuses on these aspects, by analyzing the goals and state of the art of usability and security to understand where and how they might be effectively “aligned”.
Chapter Preview


Human-Computer Interaction (HCI) is a field concerned with the interaction between people and technology, and how this supports humans in completing tasks to achieve one or more specific goals. Traditionally, it has been involved in analyzing and improving usability.

HCI has been an active area of research since the 1980s. It has focused on improving the design of user interfaces, and helping users transform their goals into productive actions for the computers. Improving user interfaces and usability is important because poorly designed interfaces increase the potential for human error. In particular, human behavior is largely goal-driven; therefore the execution of activities which help the users to achieve their goals is the main key to creating a usable system. So, when a user “engages with a complex system of rules that change as the problem changes” (e.g. an interface does not present information clearly and coherently with the user's mental model), it leads to “Cognitive Friction” (Cooper, 2004).

“Cognitive Friction” is a by-product of the information age, and it is most evident in computing devices lacking a natural cause-effect relation between user input and device output, e.g. when similar inputs result in different outputs.

When a person is dealing with cognitive friction, ancestral mechanisms of the human being come into play. As a result, in this case, users cannot be modeled as purely rational beings. Thus, to understand users’ behavior, and to appreciate how systems can be made usable, we need to consider the following factors:

Key Terms in this Chapter

Psychological Acceptability: A founding principle of usable security stating that “it is essential that the human interface is designed for ease of use so that users routinely and automatically apply the protection mechanisms correctly”.

Product-Oriented Usability: The categorization of usability aiming to achieve it by addressing the final product's characteristics (e.g. the learning curve to use the product).

Satisfaction: The property which measures to what extent the user's needs are subjectively satisfied by the product.

Pleasurable (ISO/IEC 25010): The extent to which the user is satisfied with his perceived achievement of hedonistic goals of stimulation, identification and evocation and associated emotion responses.

Memorability: A factor which measures how much a product requires users to memorize secrets (e.g. passwords or passphrases).

Process-Oriented Usability: The categorization of usability aiming to achieve it by addressing the characteristics of the process used to obtain the final product (e.g. documentation and design effort).

Comfort (ISO/IEC 25010): The extent to which the user is satisfied with physical comfort.

Operability: The degree to which the product has attributes that enable it to be understood, be learned, be used and be attractive to the user, when used under specific conditions.

Likeability (ISO/IEC 25010): The extent to which the user perceives achievement of pragmatic goals, including successful subjective results of use and consequences of use.

Trust (ISO/IEC 25010): The extent to which the user is persuaded that the product will behave as intended.

Cognitive Friction: The friction between the user and the software that originates in the user's mind when a product does not behave the way the user expects (e.g. a button on the screen that does not trigger any action when the user presses it).

Effectiveness: The property which measures to what extent interactions achieve objective process efficiency indicators (i.e. concrete results of user actions while using the addressed product).
