Thursday, November 13, 2003
Security Certificates and Encryption Usability
Matthew Thomas has a good rant on the difficulties of using security certificates. A related paper that is worth reading is "Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0".
The authors did a usability study with twelve test participants. Only one third of them were able to correctly sign and encrypt an email message when given 90 minutes in which to do so and a properly configured email client. One quarter of them accidentally sent email they thought they had encrypted but had not.

"User errors cause or contribute to most computer security failures, yet user interfaces for security still tend to be clumsy, confusing, or near-nonexistent. Is this simply due to a failure to apply standard user interface design techniques to security? We argue that, on the contrary, effective security requires a different usability standard, and that it will not be achieved through the user interface design techniques appropriate to other types of consumer software."