HCI International 2015
Los Angeles, CA, USA
2-7 August 2015


T12: Achieving usable IT security

Monday, 3 August 2015, 09:00 - 12:30

Steven Furnell
Centre for Security, Communications & Network Research, Plymouth University, United Kingdom


To examine the importance of usability in achieving effective IT security, and illustrate the ways in which related factors can affect our technology choices.

Content and Benefits:

The effectiveness of many security controls is often frustrated by a mismatch between what users would like or expect, and what they actually receive. The resulting usability can often be compromised as a result of technologies that appear overly complicated to their target audience, or that impose too much of an overhead (in terms of required interactions or their performance impact) to remain tolerable.

This tutorial begins with an examination of the issue in the broad context, presenting some of the principles that usable security ought to be aiming towards, and some illustrations of how these are often compromised in relation to common controls such as Internet Security tools, privacy management, and the effective management of system updates. 

Having established this foundation, specific focus is then given to the usability of one of the most common, and indeed important, aspects of user-facing security – namely the issue of authentication. Although there are multiple routes to achieving this, including the broad categories of secret knowledge, tokens, and biometrics, the actual provision that users can find themselves confronted with is often less than optimal. While the familiarity of techniques such as traditional passwords should serve to make them eminently usable on one level, the way in which they are realised by the systems and services that depend upon them can have a significant effect upon the actual quality of their usage. The discussion will examine the problems here, and the ways in which they can be addressed, before moving on to consider the usability impacts of other authentication options that may be available. Although the end result will not be the identification of a single authentication solution that will be ideal for all scenarios, the session will allow attendees to obtain a clear view of the factors that can influence usability, and how to make an informed choice as a result.

Target Audience:

Any attendees (from the HAS thematic area or the wider conference) with an interest in understanding the need for usable security technologies.

Bio Sketch of Presenter:

Prof. Steven Furnell is the head of the Centre for Security, Communications & Network Research at Plymouth University in the United Kingdom, and an Adjunct Professor with Edith Cowan University in Western Australia. His interests include security management and culture, computer crime, user authentication, and security usability. Prof. Furnell is active within three working groups of the International Federation for Information Processing (IFIP) - namely Information Security Management, Information Security Education, and Human Aspects of Information Security & Assurance. He is the author of over 250 papers in refereed international journals and conference proceedings, as well as books including Cybercrime: Vandalizing the Information Society (2001) and Computer Insecurity: Risking the System (2005). He is also the editor-in-chief of Information Management & Computer Security, and the co-chair of the Human Aspects of Information Security & Assurance (HAISA) symposium. Steve is active in a variety of professional bodies, and is a Fellow of the BCS, a Senior Member of the IEEE, and a full member of the Institute of Information Security Professionals. Further details can be found at www.plymouth.ac.uk/cscan, with a variety of security podcasts also available via www.cscan.org/podcasts. Steve can also be followed on Twitter (@smfurnell).
