DOI: 10.1145/1234772.1234787

User help techniques for usable security

Published: 30 March 2007

Abstract

There are a number of security-critical applications, such as personal firewalls, web browsers and e-mail clients, whose users have little or no security knowledge and are easily confused, even frustrated, by menus, messages or dialog boxes that deal with security issues.
While there are evaluations of existing applications and proposals for new approaches or design guidelines for usable security applications, little effort has been invested in determining how applications can help users in security decisions and security tasks. The purpose of this work is to analyse conventional and security-specific user help techniques with regard to their usefulness in supporting lay users in security applications.
We analyse the following help techniques: online documentation, context-sensitive help, wizards, assistants, safe staging and social navigation, and complement these with the tempting alternative of built-in, hidden security. Criteria for the analysis are derived from the type of user questions that can arise in applications and from definitions of when a security application can be called usable.
Designers of security applications can use our analysis as general recommendations for when and how to use and combine user help techniques in security applications, but they can also use the analysis as a template. They can instantiate the template for their specific application to arrive at a concrete analysis of which user help techniques are most suitable in their specific case.


Published In
CHIMIT '07: Proceedings of the 2007 symposium on Computer human interaction for the management of information technology
March 2007
124 pages
ISBN:9781595936356
DOI:10.1145/1234772

Publisher

Association for Computing Machinery, New York, NY, United States


Author Tags

  1. on-line help
  2. safe staging
  3. social navigation
  4. usable security
  5. user help
  6. wizard

Conference

CHiMiT07

Acceptance Rates

CHIMIT '07 Paper Acceptance Rate 11 of 34 submissions, 32%;
Overall Acceptance Rate 15 of 43 submissions, 35%
