
Saturday, May 2, 2020

Usability and Human Computer Interaction

Usable Security

We see so often in security that the person who designs it sits in their office, comes up with how it probably should work and what they think is secure. They give no consideration to human workflows, tasks, or usability; they impose the design on people and expect them to conform. When people are reasonably trying to get their work done and the security system gets in their way, they try to get around it, because it is stopping them from doing their job. What we need to do is make sure that human workflows, capabilities, and tasks are incorporated into the security side, so that things actually work.
What does usable security cover? The aspects of human-computer interaction:
  • How do we understand people's cognitive and psychological abilities?
  • How do we understand their tasks and what they are trying to do?
  • What methods are there for designing that understanding into systems, and for evaluating how well the systems do?
  • How can a designer build in an understanding of humans, to make systems that are ultimately more secure?

What is human-computer interaction?

HCI is the study of how people interact with technology. It looks at:
  • the people: we want to understand both the psychological and cognitive abilities of users;
  • the technology: both the design and the evaluation of technology;
  • how the two fit together.

We use what we know about people, their tasks, and the way they interact with systems to design technology that will work well for them, and we also evaluate how well that technology works to make sure we have done it right.
Overall, the goal is to make sure that people are not working any harder than necessary to use the designed technology. So it is necessary to evaluate systems to make sure that they are easy for people to use. This is how HCI applies to usable security.

Usability

Usability is a way to measure and understand how easy it is for people to use a system. When measuring usability, there are five main factors to consider:
  1. Speed: a way of measuring how quickly a user can accomplish the task. It is generally measured in time: how long does it take to complete the task? Mistakes are ignored here; we assume the users are acting in an optimal way and not making many mistakes.
  2. Efficiency: a way of measuring how many mistakes are made in accomplishing the task. Someone might be able to accomplish a task very quickly but also make a lot of mistakes along the way. A simple typo may be a less severe error than something a user does that causes the whole program to shut down, losing their work and forcing them to start over.
  3. Learnability: a way of measuring how easy it is for a user to learn to use the system. This lets us know how well someone can come to the system for the first time and get up and running with it. Ideally, they would need very little instruction and would be able to find the features they need quite quickly.
  4. Memorability: this extends learnability. Once a user has learned how to use the system, memorability tells us how easy it is for them to remember how to use it. If they have stopped using the system for a while and then come back, are they likely to quickly remember how to use it, or do they need to practice and relearn some of the features?
  5. User preference: what the users like most. Ideally, users will prefer a system that is faster, easier to learn, and that allows them to make fewer mistakes. This is something we measure with questionnaires and surveys.
Reference: https://www.coursera.org/learn/usable-security/home/welcome

Sunday, April 19, 2020

Usable Security - Usable Privacy

1. Guidelines for usable privacy:
  • Make privacy systems match users' expectations from previous experiences.
  • Clearly indicate what information will be shared, with whom, and how.
  • Make privacy part of the natural workflow.
2. A mobile app uses a phone's microphone to listen in the background for commercials, songs, and TV shows that a person is hearing in order to target ads at the user. The app does not store any information about users' conversations nor does it store recordings. Should the app disclose that it is listening to this background sound?
  • Yes, users should be informed that sound from their environment is being collected.
3. Alternatives to privacy policies can be as effective in teaching users about how their data is shared.
4. The following attributes can be automatically inferred on social media, even if users don't provide any obvious clues:
  • Intelligence
  • Personality
  • Sexual Orientation
5. Informed Consent: A person knows how their data is used and competently agrees to that use.
6. A website provides an extensive 50-printed-page privacy policy written in common language that describes every detail of how users' data is collected, used, and shared. What is violated here?
  • The policy does not meet the requirement of minimal distraction
7. Providing complete and detailed explanations of how data is collected and used can overwhelm the user and lead to a less usable privacy system.

Thursday, June 25, 2015

Usable Security - Authentication

1. Fingerprint recognition is generally faster than password entry for authentication.
2. The following are measures of usability for authentication systems:
  • Speed
  • How easy it is to learn
  • Likelihood of error
3. Limiting the number of incorrect logins in a fixed time frame improves the security of a traditional password system.
4. Smudge attack: on a phone that had touched the face, it was easiest to find password information.
5. Typing in a numeric code on a keypad is not a type of gesture based authentication.
6. The following are types of gesture-based authentication:
  • Connecting dots on a grid
  • Drawing a signature on a touch screen
  • Swiping multiple fingers in a line or shape
7. The following are methods for obtaining a second-factor authentication code:
  • From an app designed to create codes
  • In a text message
  • Off a device that generates codes
8. The following are types of biometric authentication:
  • Facial recognition
  • Free gesture
  • Voice analysis
9. Two-factor authentication DOES NOT improve the security and usability of a system.
10. The most secure passwords are collections of words, like: I am not Easy T0 Find
instead of passwords like:
  • dz&w4%lfc
  • hello, etc.
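Item 3 above names a concrete mechanism: limiting incorrect logins within a fixed time frame. The following is an added example (not code from the course or this blog) of such a limiter; the class name `LoginRateLimiter`, the defaults of 5 failures per 300 seconds, and the per-account counting are my own assumptions. It also shows the usability side: telling a legitimate user how many attempts remain and how long a lockout lasts, instead of a bare refusal.

```python
import time
from collections import defaultdict, deque


class LoginRateLimiter:
    """Per-account limit on failed logins inside a fixed time window.

    Hypothetical implementation written for this post. After `max_failures`
    failures within `window_seconds`, further attempts are refused until the
    oldest failure ages out of the window. A successful login clears the count.
    """

    def __init__(self, max_failures=5, window_seconds=300):
        self.max_failures = max_failures
        self.window = window_seconds
        self._failures = defaultdict(deque)  # username -> timestamps of failures

    def _prune(self, username, now):
        # Drop failures that are older than the window so they no longer count.
        q = self._failures[username]
        while q and now - q[0] >= self.window:
            q.popleft()

    def remaining_attempts(self, username, now=None):
        now = time.time() if now is None else now
        self._prune(username, now)
        return max(0, self.max_failures - len(self._failures[username]))

    def is_locked(self, username, now=None):
        return self.remaining_attempts(username, now) == 0

    def seconds_until_unlock(self, username, now=None):
        # Usability: the UI can show this so a real user knows when to retry.
        now = time.time() if now is None else now
        self._prune(username, now)
        q = self._failures[username]
        if len(q) < self.max_failures:
            return 0
        return int(self.window - (now - q[0]))

    def attempt(self, username, password_ok, now=None):
        """Return (accepted, remaining_attempts). Refuses while locked, even if the password is right."""
        now = time.time() if now is None else now
        if self.is_locked(username, now):
            return False, 0
        if password_ok:
            self._failures.pop(username, None)  # success resets the counter
            return True, self.max_failures
        self._failures[username].append(now)
        return False, self.remaining_attempts(username, now)
```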