Human–computer interaction (security)
HCISec is the study of interaction between humans and computers, or human–computer interaction, specifically as it pertains to information security. Its aim, in plain terms, is to improve the usability of security features in end user applications.
Unlike HCI, which has roots in the early days of Xerox PARC during the 1970s, HCISec is a nascent field of study by comparison. Interest in this topic tracks with that of Internet security, which has become an area of broad public concern only in very recent years.
When security features exhibit poor usability, the following are common reasons:
- they were added in casual afterthought
- they were hastily patched in to address newly discovered security bugs
- they address very complex use cases without the benefit of a software wizard
- their interface designers lacked understanding of related security concepts
- their interface designers were not usability experts (often meaning they were the application developers themselves)
Further reading
- "Design Principles and Patterns for Computer Systems That Are Simultaneously Secure and Usable", by Simson Garfinkel
- "User Interaction Design for Secure Systems" by Ka-Ping Yee
- "Involving the end user in access control: from confined processes to trusted human-computer interface" (in French) by Mickaël Salaün
External links
- HCISec Bibliography
- HCISec Yahoo! Group
- Usable Security Blog
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.