Using human computer interaction principles to promote usable security
Computing, Health and Science
School of Computer and Information Science, Centre for Security Research
Faced with an increasing range of attacks, the appropriate use of available security features in computer systems and applications is becoming ever more necessary. However, although many applications provide ways in which users can protect themselves against threats, the design and implementation of these features can often be criticized from a Human Computer Interaction (HCI) perspective. This results in usability problems for novices and other non-technical users, which may compromise the level of protection that they can achieve. In this research, some standard principles of HCI have been used to devise guidelines to support the inclusion of security features within applications. Ten guidelines were created in total, and a number of existing applications have been assessed to determine their compliance. The results showed varying levels of adherence to the recommended practice, suggesting that current applications have some significant scope for improvement in their presentation of security functionality. To support this view, revised versions of user interfaces were designed for applications that achieved low scores, and the paper presents an example of the outcome to illustrate the approach. © 2005 University of the Aegean and University of Plymouth.