A Set of Heuristics for Usable Security and User Authentication

Computer security is currently one of the most important tasks for supporting critical business processes and protecting sensitive information. However, computer systems also suffer security problems, including vulnerabilities, because they are hard to use and have poor user interfaces imposed by security constraints. Finding a good trade-off between security and usability is therefore a challenge, mainly for user authentication services. This paper presents a set of 153 heuristics as a tool to evaluate how well an application achieves security, usability and other characteristics relevant to user authentication (e.g. performance, accessibility, operability and reliability). The main contribution of this work is to propose a possible standardization of these heuristics by formulating them as interrogative sentences, which facilitates the evaluation of usable security and user authentication. Each heuristic is accompanied by comments that facilitate its evaluation.
