Category Archives: human factors in security
On vulnerability of Facebook users to social botnets
How likely is a Facebook user to accept a friendship request from a stranger (albeit a pretty/handsome one)? By how much do such chances correlate with “promiscuity” of the user in terms of FB friends? Can such requests be automated? …
Can Metaphors of Physical Security Work for Computers?
There is evidence that the communication of security risks to home computer users has been unsuccessful. Prior research has found that users do not heed risk communications, that they do not read security warning texts, and that they ignore them. …
Heuristics for Evaluating IT Security Management Tools
The usability of IT security management (ITSM) tools is hard to evaluate by regular methods, making heuristic evaluation attractive. However, standard usability heuristics (e.g., Nielsen’s) are hard to apply, as IT security management occurs within a complex and collaborative context …
Have users signed up?
I participated in a panel “Password Managers, Single Sign-On, Federated ID: Have users signed up?” at the Workshop on The Future of User Authentication and Authorization on the Web: Challenges in Current Practice, New Threats, and Research Directions, which was collocated …
Is OpenID too Open? Technical, Business, and Human Issues That Get in the Way of OpenID and Ways of Addressing Them
The web is essential for business and personal activities well beyond information retrieval, such as online banking, financial transactions, and payment authorization, but reliable user authentication remains a challenge. OpenID is a mainstream Web single sign-on (SSO) solution intended for Internet-scale …
Undergrad Security Course Features Cool Projects
Students in my undergraduate computer security course had done several excellent projects. You can watch video clips of the projects or read reports.
Filed under human factors in security, other, usable security, web security
