Transforming the 'Weakest Link' — a Human/Computer Interaction Approach to Usable and Effective Security
Date: July 2001
Publication: BT Technology Journal, Volume 19, Issue 3
Page(s): 122 - 131
Publisher: Kluwer Academic Publishers
Source 1: http://www.cs.ucl.ac.uk/staff/D.Weirich/ttw.pdf
Source 2: http://www.kluweronline.com/article.asp?PIPS=383363 - Subscription or payment required
The security research community has recently recognised that user behaviour plays a part in many security failures, and it has become common to refer to users as the 'weakest link in the security chain'. We argue that simply blaming users will not lead to more effective security systems. Security designers must identify the causes of undesirable user behaviour, and address these to design effective security systems. We present examples of how undesirable user behaviour with passwords can be caused by failure to recognise the characteristics of human memory, unattainable or conflicting task demands, and lack of support, training and motivation. We conclude that existing human/computer interaction knowledge and techniques can be used to prevent or address these problems, and outline a vision of a holistic design approach for usable and effective security.
Do you have additional information to contribute regarding this research paper? If so, please email email@example.com with the details.