While usability testing is well established, assessing the usability of security software, tools, or methods deserves more careful consideration. It has been argued that dealing with security has become too difficult for individuals or organizations to manage effectively or to use conveniently. As difficult as security is for system administrators and developers, it is even more challenging for casual users. Indeed, it is much too easy for casual/home users to configure the security of their systems in non-optimal ways that leave those systems inadvertently insecure. This is exacerbated by the fact that casual users are focused on matters other than security, and would likely prefer not to think about security at all. This brief report argues that when security and/or privacy are part of the equation, traditional methods for usability testing should be reconsidered. Its purpose is to argue for, and outline a method associated with, a new approach to usability testing for examining usable security issues.