ADDUCIVE > World-class user interface design

This was written for Encentuate, Inc., whose mission is "Security Through Convenience."


SECURITY AND USABILITY

The more secure a system is, the harder it is to use. The harder it is to use a system, the less secure it will be. The weakest link in security is human beings. Hackers understand this. Why don't technology companies?

More passwords and more complex passwords aren't the answer. Human memory is limited. Human ingenuity is not. Your employees will find ways to get their work done. Sometimes this means getting around security products or policies, leaving things even less secure than they were before. For security to be effective, it has to be convenient. That means designing to relieve the burdens of everyday users and system administrators instead of adding new ones. Companies that ignore this will fail to increase security.

Basic Principles

Consider these basics of human memory and motivation applied to security technology.

  • Human memory is limited. We are not good at remembering random sequences of characters. Even six characters is pushing the limit. There is also a limit to the number of passwords that we can remember.

  • Human memory fades. Infrequently used passwords are hard to remember. We know this and so we write them down, yet these passwords might protect the most sensitive information.

  • Human memory doesn't have an "Empty Trash" function. Passwords are hard to forget once they're no longer needed. After changing a password, especially according to a schedule set by software, we forget the new one or confuse old and new.

  • Humans are not good at dealing with randomness. We are not good at inventing, on the spot, several unique, unrelated passwords and then committing them to memory. Think of all the passwords a new employee has to come up with the first day on the job. Wouldn't you choose something easy rather than risk forgetting your password and creating a bad first impression?

  • Performance matches motivation. Research says that employees don't take security too seriously. We think nobody is interested in our company or our computer, especially when there are so many other targets. We think our own behavior can't stop a determined hacker anyway. More can be done to motivate employees, but making it easier to secure computer systems means a better match between motivation and effort.

  • People like to cooperate with other people, not policies. We are likely to share a password with a locked-out colleague, and very unlikely to report someone for offering that kind of help.

Single Sign-On

The number of passwords we are supposed to remember is more than most people can handle. Most of us can manage fewer than a handful, yet one study places the number required of us in the teens. We have no choice but to write down passwords or to use the same password everywhere. Single sign-on cuts down what we have to remember and how many passwords we have to invent.

Once single sign-on is in place, keeping the managed passwords away from people is better yet. They can be changed to the strongest format allowed by the applications, and managed automatically. If they are never known by the user, they cannot be disclosed, written down, or handled carelessly.

But if a single sign-on system is not reliable, users and administrators will find ways around it, creating back doors or leaving critical systems unmanaged. Many systems create a single point of failure or a single point to break in. Usability is security, but reliability is important for both.

Designing for the Weakest Link

Strong security is more than just technology. The lack of usability of today's technology means that only the most sensitive data handled by the most paranoid employees stands a chance of being protected properly.

Even so, former CIA director John Deutch lost his security clearance a few years ago for writing classified memos on an unprotected home computer. This despite what one imagines to be considerable motivation and resources at his disposal to protect secrets. Apparently, none seemed worth the bother.

Administrators are people, too. Systems need to be easy to set up and administer. In the short term, an unavailable system will cause an administrator more headaches than an unsecured one. Too many security and networking products make it hard to choose the most secure settings from among the many configuration options. Security companies have the expertise in how their products should be set up, but fail to make it easy or fail to make it clear how to get the maximum benefit from them. This goes beyond visual design. It means thinking about how security products will be deployed and used in context.

More people trusting more important data to ever more connected networks of computers requires an increase in security. The rest of us need better security, but that requires better usability first.

Additional Reading

M.A. Sasse, S. Brostoff, D. Weirich, Transforming the "weakest link" — a human/computer interaction approach to usable and effective security. BT Technology Journal, 19:3, July 2001, pp. 122-131. http://www.cs.ucl.ac.uk/staff/A.Sasse/ttw.pdf.

Sarah Kuhn, in Bringing Design to Software, Terry Winograd, ed. Addison-Wesley, 1996. http://hci.stanford.edu/bds/14-kuhn.html.

Postscript: End Users Will Have the Last Say

Last year, a large retailer showed how determined users will get around policies set from afar. They used to allow certain trusted cashiers to issue refunds and make exchanges without a manager.

One day, headquarters removed this from the cash register software, citing security. But in a busy store, there can be fifty or more of these transactions a day, interrupting the manager every time. At least one busy manager gave the key and password to the head cashier.

The change had the opposite effect on security from what headquarters intended.



Last updated by Brian Krause, brk@adducive.com, August 1, 2005