Finding Solutions for Bringing Usability to Security Products
Thesis author: Antti Leskelä
Supervisor: Professor Jörg Ott
Jan 12, 2016
Presentation outline
Background
Thesis objectives
Thesis roadmap
Quick overview of usability
Usable security
User study
Conclusions
Background
Bad usability is part of everyday life for people
Usability is a major factor of competition nowadays
The importance of usable security grows as network-related and computerised work becomes (/has become) more common
The security business has been one of the last sectors fighting against usability demands
The wrong assumption: "The more usability, the less security"
Thesis objectives
To study problems with usability in information security, with emphasis on human aspects and human-centered design
To identify the different aspects of usable security and to create design principles based on the identification
To find out how usability is perceived in general and how users experience the user-friendliness of security products
[Figure: expertise in security and expertise in usability, with the overlap area for usable security]
Thesis roadmap
CHAPTER 2 Security
CHAPTER 3 Usability
CHAPTER 4 Usable security
CHAPTER 5 Method
CHAPTER 6 Results
User study
Overview of usability
Usability refers to human-computer interface problems and user-friendliness.
Usability can be seen as the ability of a system to be used easily and efficiently
Takes into account emotions and affect
Layered model of usability (next slide) combines together different definitions of usability
Essential part of usability is paying attention to the user
Layered model of usability
Usable security 1/2
Usable security is a union of usability and security
Usable security gives a two-dimensional possibility of designing user-friendlier security products
Challenges in joining the user's system image into the system to be designed
Communication between the user and the designer happens only via the system image
Need for user-centered design and design principles!!
Usable security 2/2
Design principles for usable security*:
• Zero impact
• Zero-click
• Visibility of actions
• Reversibility
• Completion
• User audit
• Override-ability
• No external burden
* Based on Simson L. Garfinkel & Ka-Ping Yee
SUMI
Software Usability Measurement Inventory
Can be used for surveys and controlled studies
Surveys measure the perceived usability of software systems already in use
Controlled studies measure performance and identity, and analyse problems
Used in the thesis to measure the perceived usability of security software
User study
User study – Questionnaire
Web-based questionnaire for users of security software.
User study – Results 1/2
User study – Results 2/2
Participation was good
However, results are valid only for intermediate & expert users
• Number of novice users only 3,1 %
Quantitative analysis:
SUMI results gave a fairly good level of perceived usability to security software
Problem area: efficiency
• Can be seen as a lack of transparency of the system
Qualitative analysis:
Most of the responses were negative, relating to the problems the participants had faced with their security software
• Configuring, instructions, laziness & lack of interest etc.
General worry about the state of overall security awareness
Conclusions
Design principles for usable security give a good starting point for secure interaction design
Results of the user study indicate that users have problems with security software
However, it can be seen that security software is more usable than before
There is still a lot to do in order to provide more usable security products
We demand better usability!!!
THANKS!