Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0

User errors cause or contribute to most computer security failures, yet user interfaces for security still tend to be clumsy, confusing, or near-nonexistent. Is this simply due to a failure to apply standard user interface design techniques to security? We argue that, on the contrary, effective security requires a different usability standard, and that it will not be achieved through the user interface design techniques appropriate to other types of consumer software. To test this hypothesis, we performed a case study of a security program which does have a good user interface by general standards: PGP 5.0. Our case study used a cognitive walkthrough analysis together with a laboratory user test to evaluate whether PGP 5.0 can be successfully used by cryptography novices to achieve effective electronic mail security. The analysis found a number of user interface design flaws that may contribute to security failures, and the user test demonstrated that when our test participants were given 90 minutes in which to sign and encrypt a message using PGP 5.0, the majority of them were unable to do so successfully. We conclude that PGP 5.0 is not usable enough to provide effective security for most computer users, despite its attractive graphical user interface, supporting our hypothesis that user interface design for effective security remains an open problem. We close with a brief description of our continuing work on the development and application of user interface design principles and techniques for security.

[1]  Bonnie E. John,et al.  Evaluating a Multimedia Authoring Tool with Cognitive Walkthrough and Think-Aloud User Studies , 1997 .

[2]  Simson L. Garfinkel,et al.  PGP: Pretty Good Privacy , 1994 .

[3]  Matt Bishop,et al.  UNIX Security: Threats and Solutions , 1996 .

[4]  Clare-Marie Karat Iterative Usability Testing of a Security Application , 1989 .

[5]  John D. Howard,et al.  An analysis of security incidents on the Internet 1989-1995 , 1998 .

[6]  Mary Ellen Zurko,et al.  User-centered security , 1996, NSPW '96.

[7]  Ross J. Anderson Why cryptosystems fail , 1994, CACM.

[8]  Debora Shaw,et al.  Handbook of usability testing: How to plan, design, and conduct effective tests , 1996 .

[9]  S L Young,et al.  The effect of alternative product-label design on warning compliance. , 1994, Applied ergonomics.

[10]  Peter Neumann,et al.  Safeware: System Safety and Computers , 1995, SOEN.

[11]  Bonnie E. John,et al.  Evaluating a multimedia authoring tool , 1997 .

[12]  Don Davis Compliance Defects in Public Key Cryptography , 1996, USENIX Security Symposium.

[13]  Prasun Dewan,et al.  Access control for collaborative environments , 1992, CSCW '92.

[14]  J. D. Tygar,et al.  Usability of Security: A Case Study, , 1998 .

[15]  Cathleen Wharton,et al.  The cognitive walkthrough method: a practitioner's guide , 1994 .

[16]  Jakob Nielsen,et al.  Heuristic Evaluation of Prototypes (individual) , 2022 .

[17]  Richard A Spinello,et al.  The end of privacy. , 1997, America.