This Article 
 Bibliographic References 
 Add to: 
Jan.-Feb. 2014 (vol. 12 no. 1)
pp. 11-13
M. Angela Sasse, University College London
Usable security is often seen as simply an enabler of good security behavior: if the actions required aren't too difficult or effortful, users will do so. But human-centered design of security means enabling users to make informed security choices. First, their preferred choice needs to be available. Authors of privacy policies should take note here, and service providers need to manage their security issues without burdening legitimate customers (solving CAPTCHAs to prove you are human isn't something a customer would choose to do, ever). Second, we need to accept that users sometimes choose to take risks. Protecting users means giving them an accurate understanding of possible consequences, and the likelihood of them occurring.
Index Terms:
risk,usable security,spear phishing
M. Angela Sasse, Charles C. Palmer, "Protecting You," IEEE Security & Privacy, vol. 12, no. 1, pp. 11-13, Jan.-Feb. 2014, doi:10.1109/MSP.2014.11
Usage of this product signifies your acceptance of the Terms of Use.