Security and Usability: Designing Secure Systems that People Can Use"O'Reilly Media, Inc.", 25.8.2005 - 740 sivua Human factors and usability issues have traditionally played a limited role in security research and secure systems development. Security experts have largely ignored usability issues--both because they often failed to recognize the importance of human factors and because they lacked the expertise to address them. But there is a growing recognition that today's security problems can be solved only by addressing issues of usability and human factors. Increasingly, well-publicized security breaches are attributed to human errors that might have been prevented through more usable software. Indeed, the world's future cyber-security depends upon the deployment of security technology that can be broadly used by untrained computer users. Still, many people believe there is an inherent tradeoff between computer security and usability. It's true that a computer without passwords is usable, but not very secure. A computer that makes you authenticate every five minutes with a password and a fresh drop of blood might be very secure, but nobody would use it. Clearly, people need computers, and if they can't use one that's secure, they'll use one that isn't. Unfortunately, unsecured systems aren't usable for long, either. They get hacked, compromised, and otherwise rendered useless. There is increasing agreement that we need to design secure systems that people can actually use, but less agreement about how to reach this goal. Security & Usability is the first book-length work describing the current state of the art in this emerging field. Edited by security experts Dr. Lorrie Faith Cranor and Dr. Simson Garfinkel, and authored by cutting-edge security and human-computerinteraction (HCI) researchers world-wide, this volume is expected to become both a classic reference and an inspiration for future research. Security & Usability groups 34 essays into six parts:
This book is expected to start an avalanche of discussion, new ideas, and further advances in this important field. |
Sisältö
| 1 | |
| 13 | |
| 31 | |
| 47 | |
Designing Systems That People Will Trust | 75 |
Part Two | 101 |
Evaluating Authentication Mechanisms | 103 |
The Memorability and Security of Passwords | 129 |
Privacy Issues and HumanComputer Interaction | 381 |
A UserCentric Privacy Space Framework | 401 |
Five Pitfalls in the Design for Privacy | 421 |
Privacy Policies and Privacy Preferences | 447 |
Privacy Analysis for the Casual User with Bugnosis | 473 |
Informed Consent by Design | 495 |
Social Approaches to EndUser Privacy Management | 523 |
Usability and the Network Effect | 547 |
Designing Authentication Systems with Challenge Questions | 143 |
Graphical Passwords | 157 |
Usable Biometrics | 175 |
Identifying Users from Their Typing Patterns | 199 |
The Usability of Security Devices | 221 |
Part Three | 245 |
Guidelines and Strategies for Secure Interaction Design | 247 |
Fighting Phishing at the User Interface | 275 |
Sanitization and Usability | 293 |
Usable PKI | 319 |
Simple Desktop Security with Chameleon | 335 |
Security Administration Tools and Practices | 357 |
Part Four | 379 |
Part Five | 561 |
Creating Usable Security Products for Consumers | 563 |
Firefox and the WorryFree Web | 577 |
A Microsoft Case Study | 589 |
Embedding Security in Collaborative Applications | 607 |
Achieving Usable Security in Groove Virtual Office | 623 |
Part Six | 637 |
Users Are Not the Enemy | 639 |
A Study of KaZaA P2P File Sharing | 651 |
Why Johnny Cant Encrypt | 669 |
| 693 | |