Presented by: Rahulkumar Jaiswar
Guided by: Prof. K K Joshi, Prof. Sowmiya Raksha
Outline
A Poll
What's wrong with usable security thinking
The consequences of unusable security
Lessons from airplane safety
Future Scope
References
Hyperlinks
Security implementers sometimes invent the user instead of discovering the user
Unusable Security Costs Security
Time is Money
An hour from each of the US's 180 million online users is worth approximately US$2.5 billion. A major error in security thinking has been to treat users' time - an extremely valuable resource - as free.
C Herley, IEEE S&P Jan/Feb 2014
Impact on Productivity
Lost Sales
Not a particularly effective security measure
Not usable: failure rate around 40% - so customers go elsewhere
CAPTCHAs waste 17 years of human effort every day (Pogue, Scientific American, March 2012)
Authentication Wall of Disruption
Unusable Security is Ridiculous
Green shoots 1:
FIDO - a commercial alliance to replace passwords
www.fido.org
Green shoots 2:
Security that supports user goals: Parental controls
Unusable Security Costs Security
Noncompliance
Revocation
Official cause
Crew error
Future scope
Some organizations don't care about usability or usable security
Not much to do there
Dangerous invitation to competitors!
Some do care
Q: How to make it happen?
A: High-level commitment
A: Feedback loops
A: Appropriate personnel