Usable security is often seen as simply an enabler of good security behavior: if the actions required aren't too difficult or effortful, users will do so. But human-centered design of security means enabling users to make informed security choices. First, their preferred choice needs to be available. Authors of privacy policies should take note here, and service providers need to manage their security issues without burdening legitimate customers (solving CAPTCHAs to prove you are human isn't something a customer would choose to do, ever). Second, we need to accept that users sometimes choose to take risks. Protecting users means giving them an accurate understanding of possible consequences, and the likelihood of them occurring. Read full article »
About IEEE Security & Privacy
IEEE Security & Privacy magazine provides articles with both a practical and research bent by the top thinkers in the field along with case studies, tutorials, columns, and in-depth interviews and podcasts for the information security industry.