Presentation on theme: "Security vs Usability Dr Kate Dingley Principal lecturer and International Coordinator for the School of Computing"— Presentation transcript:
Security vs Usability Dr Kate Dingley Principal lecturer and International Coordinator for the School of Computing
What do we know about Usability? Human needs and goals Analysing system requirements Evaluating prototypes GUIs (graphic user interfaces) Group working Mobile interfaces
What do we know about Usability? The HCI process Human needs and goals –Start with what the user actually wants to do Analysing system requirements –Then analyse and design system concepts to support their needs Evaluating prototypes –Build a quick prototype and evaluate your design
HCI aspects continued GUIs (graphic user interfaces) –Support recognition so user don’t have to recall things Group working –Modern work is seldom in isolation –Group working is vital Mobile interfaces –So much more in so little space
Human Needs and Perception Usability is based on understanding and designing for human needs Recognition is easier than recall ◦Short term memory is fairly limited ◦We use metaphors to help us learn and understand ◦Grouping things helps memory ◦We cannot remember and then forget on command ◦Language and culture affect understanding and use d
Analysing Needs Who is the User? –The person using the system or the one requiring the security Whose needs take priority? Consider how often you have to verify some characters If you dont type these exactly you wont achieve your goal(task)
What are the consequences of poor security?
Consequences For the site owner:- Reduced “information harvesting” More likely to be the correct user User is not able to use their service For the end user:- Feeling of security Frustration Move to another supplier if available If a user is prevented from using the site, how does this fit with Equality Act legislation?
Prototypes and evaluation Stakeholders are the people who would be interested in a system or its development –Often appointed at high level Testing a prototype with end users is important in ensuring usability –Real users are vital Security has traditionally been tested differently – access control, prevention, reset, etc, is quite different to principles of usability –Keyword in security is “prevention” –Keyword in usability is “enable”
Graphic User Interfaces Evolved with windows, icons, menus, mice to make interfaces easier to use Security dialogues are making things hard again Recall needed, little opportunity to recover from mistakes – return to command line interface Issues !People write them down! How do you forget an old p/word?
Security and human memory Memory is essential for high security –http://www.youtube.com/watch?v=p-j4WWko- 4Y&feature=relatedhttp://www.youtube.com/watch?v=p-j4WWko- 4Y&feature=related However we remember more in context –http://www.youtube.com/watch?v=BdSBwpqydY8&f eature=relatedhttp://www.youtube.com/watch?v=BdSBwpqydY8&f eature=related –But things can interrupt memory retrieval z
Group Working Groups present their own problems –Do all users share a login or have separate IDs? If you have assistive technology like speech/voice data entry - how do you enter personal data without it being overheard? –Even if you can enter text data, hearing your private information read by a computer voice is no fun –http://www.youtube.com/watch?v=XSHmPamLGQA& feature=relatedhttp://www.youtube.com/watch?v=XSHmPamLGQA& feature=related –http://www.youtube.com/watch?v=H6y4CWiqCFc&fe ature=related – using voice verifcationhttp://www.youtube.com/watch?v=H6y4CWiqCFc&fe ature=related d
Mobile interfaces Usability already harder – –Nested menus –Readability slower due to short lines –Screen visibility in different light However, mobile devices easier to steal – so need more, not less protection Mobile devices often store contacts, financial and p/word information
Solutions Biometrics –Not as easy as implied –Still have to remember stuff – eg, which finger to swipe What problems can you think of? –http://www.youtube.com/watch?v=RqWx7e8EVOYhttp://www.youtube.com/watch?v=RqWx7e8EVOY _and_Biometrics_final2.pdf -big document!http://zing.ncsl.nist.gov/biousa/docs/Usability _and_Biometrics_final2.pdf 04-politics.htmlhttp://www.stcsig.org/usability/newsletter/02 04-politics.html
Biometrics:- further information tochttp://www.youtube.com/watch?v=0o5Uu6H8 toc
Ergonomics Move systems out of an office and there are more issues Outside you have heat and cold, dirt, poor light and glare There are the dangers of use while walking, cycling or driving - but add a p/word for real danger –Eg voice dial phone, but 4 digit keycode must be entered first People with physical disabilities are barred from use – eg arthritis would make finger scan hard/painful or impossible
People, again! Research has shown that people generally dont appreciate the need for good security when it conflicts with usability “We conjecture that this is the case because people prefer convenience over security”. Dhamija & Perrig, 2001 (deja vu) /papers/usenix.pdf /papers/usenix.pdf Behaviour modification may work in the long term
Summary Nearly everything we have learned about usability currently conflicts with security systems as we know them Some research is being undertaken this would make interesting projects and offer job opportunities