Search results

For decades, literature has reported on the perceived conflict between usability and security. This mutual trade-off needs to be considered and addressed whenever security products are developed. Achieving well-balanced levels of both is a precondition for sufficient security as users tend to reject unusable solutions. To assess it correctly, usability should be evaluated in the context of security. This paper aims to identify and describe universally applicable and solution-independent factors that affect the perceived usability of security mechanisms.

The selected methodology was a systematic literature review during which multiple database resources were queried. Application of predefined selection criteria led to the creation of a bibliography before backward snowballing was applied to minimize the risk of missing material of importance. All 70 included publications were then analyzed through thematic analysis.

The study resulted in the identification of 14 themes and 30 associated subthemes representing aspects with reported influence on perceived usability in the context of security. While some of them were only mentioned sparsely, the most prominent and thus presumably most significant ones were: simplicity, information and support, task completion time, error rates and error management.

The identified novel themes can increase knowledge about factors that influence usability. This can be useful for different groups: end users may be empowered to choose appropriate solutions more consciously, developers may be able to avoid common usability pitfalls when designing new products and system administrators may benefit from a better understanding of how to configure solutions and how to educate users efficiently.

Using authentication to secure data and accounts has grown to be a natural part of computing. Even if several authentication methods are in existence, using passwords remain the most common type of authentication. As long and complex passwords are encouraged by research studies and practitioners alike, computer users design passwords using strategies that enable them to remember their passwords. This paper aims to find strategies that allow for the generation of passwords that are both memorable and computationally secure.

The study began with a literature review that was used to identify cognitive password creation strategies that facilitate the creation of passwords that are easy to remember. Using an action-based approach, attack models were created for the resulting creation strategies. The attack models were then used to calculate the entropy for passwords created with different strategies and related to a theoretical cracking time.

The result of this study suggests that using phrases with four or more words as passwords will generate passwords that are easy to remember and hard to attack.

This paper considers passwords from a socio-technical approach and provides insight into how passwords that are easy to remember and hard to crack can be generated. The results can be directly used to create password guidelines and training material that enables users to create usable and secure passwords.