DOI: 10.1145/1463160.1463191
research-article

Threats or threads: from usable security to secure experience?

Published: 20 October 2008

Abstract

While the domain of security-dependent technologies brings new challenges to HCI research, it seems that the results and breakthroughs of HCI have not been used in the design of security-dependent technologies. With exceptions, work in the research field of usable security may be criticized for focusing mainly on adjusting user behavior so that users behave securely. With our background in newer HCI perspectives, we address secure interaction from the perspective of security technology as experience. We analyze a number of collected user stories to understand what happens when everyday users encounter security-dependent technologies. We apply McCarthy & Wright's [12] experience framework to the security domain and our collected stories. We point out that there are significant differences between being secure and having a secure experience, and conclude that classical usable security, a focus on people's immediate security experience, and the full focus on experience proposed by McCarthy & Wright lead to three very different interaction concerns, both analytically and as regards design. We illustrate these differences by examples, and conclude with a discussion of how to advance the field of usable security.

References

[1] Bannon, L. (1986). From human factors to human actors: the role of psychology and human-computer interaction studies in system design. In Greenbaum, J. & Kyng, M. (eds.). Design at work: cooperative design of computer systems, pp. 25--44, Erlbaum.
[2] Bertelsen, O. W. (2006). Tertiary Artefactness at the Interface. In Fishwick, P. (ed.). Aesthetic Computing, pp. 357--368, MIT Press.
[3] Bødker, S. (2006). When second wave HCI meets third wave challenges. In Mørch, A., Morgan, K., Bratteteig, T., Ghosh, G. & Svanæs, D. (eds.): Proceedings of the 4th Nordic Conference on Human-Computer Interaction: Changing Roles, pp. 1--8. ACM Press.
[4] Bødker, S. (1999). Computer applications as mediators of design and use - a developmental perspective. Doctoral dissertation, Department of Computer Science, University of Aarhus, DAIMI PB-542.
[5] Corbin, J. & Strauss, A. (1990). Basics of Qualitative Research: Grounded Theory Procedures and Techniques. SAGE Publications, London, 1990.
[6] Danish IT Security Council: Pervasive computing -- IT security and privacy, http://www.brics.dk/~michael/articles/rfits-uk.pdf
[7] DiGioia, P. & Dourish, P. (2005). Social navigation as a model for usable security. Proceedings of the 2005 Symposium on Usable Privacy and Security, pp. 101--108.
[8] Flinn, S. & Lumsden, J. (2005). User Perceptions of Privacy and Security on the Web. Proceedings of the Third Annual Conference on Privacy. http://www.lib.unb.ca/Texts/PST/2005/pdf/flinn.pdf
[9] Gasser, L. (1986). The integration of computing and routine work. ACM TOIS 4(3), 205--225.
[10] Hardee, J. B., West, R., & Mayhorn, C. B. (2006). To Download or Not to Download: An Examination of Computer Security Decision Making. Interactions Magazine 2006 May-June, 32--37.
[11] Kammersgaard, J. (1988). Four different perspectives on Human-Computer Interaction. International Journal of Man-Machine Studies, vol. 28, pp. 343--362.
[12] McCarthy, J., & Wright, P. (2004). Technology As Experience. The MIT Press.
[13] Norman, D. A. (2002). Emotion and design: Attractive things work better. Interactions Magazine, ix (4), 36--42.
[14] Pagter, J. I. & Pedersen, M. G. (2008). A Sense of Security in Pervasive Computing-Is the Light on When the Refrigerator Door Is Closed? LNCS pp. 383--388. Springer, Heidelberg.
[15] Palen, L. & Bødker, S. (2008). Don't Get Emotional. In: Peter C., Beale R. (eds.): Affect and Emotion in Human-Computer Interaction. LNCS, vol. 4868, pp. 12--22. Springer, Heidelberg.
[16] Whitten, A. & Tygar, D. (1999). Why Johnny Can't Encrypt -- A Usability Evaluation of PGP 5.0. In Cranor, L. & Simson, G. (eds.). Security and Usability: Designing Secure Systems that People Can Use, O'Reilly (2005), pp. 679--702.
[17] Yee, K. (2002). User Interaction Design for Secure Systems. In Proceedings of the 4th International Conference on Information and Communications Security (December 09--12, 2002). In Deng, R. H., Qing, S., Bao, F. & Zhou, J. (eds.) Lecture Notes in Computer Science, vol. 2513, pp. 278--290. Springer-Verlag, London.


    Published In

    NordiCHI '08: Proceedings of the 5th Nordic conference on Human-computer interaction: building bridges
    October 2008
    621 pages
    ISBN:9781595937049
    DOI:10.1145/1463160

    Sponsors

    • Mangold International
    • Microsoft Dynamics

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. experience
    2. human-computer interaction
    3. usability
    4. usable security
    5. user experience
    6. user story collection
    7. user testing

    Qualifiers

    • Research-article

    Conference

    NordiCHI08
    Acceptance Rates

    Overall Acceptance Rate 379 of 1,572 submissions, 24%

    Article Metrics

    • Downloads (last 12 months): 8
    • Downloads (last 6 weeks): 2
    Reflects downloads up to 08 Feb 2025

    Cited By

    • (2024) Navigating the landscape of security modelling: the MORS grid. Journal of Cybersecurity 10:1. DOI: 10.1093/cybsec/tyae024. Online publication date: 14-Nov-2024
    • (2023) Reviewing the Usability of Web Authentication Procedures: Comparing the Current Procedures of 20 Websites. Sustainability 15:14 (11043). DOI: 10.3390/su151411043. Online publication date: 14-Jul-2023
    • (2023) Investigating Security Folklore: A Case Study on the Tor over VPN Phenomenon. Proceedings of the ACM on Human-Computer Interaction 7:CSCW2 (1-26). DOI: 10.1145/3610193. Online publication date: 4-Oct-2023
    • (2022) Comparing user perceptions of anti-stalkerware apps with the technical reality. Proceedings of the Eighteenth USENIX Conference on Usable Privacy and Security (135-154). DOI: 10.5555/3563609.3563617. Online publication date: 8-Aug-2022
    • (2021) Exploring User-Centered Security Design for Usable Authentication Ceremonies. Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems (1-15). DOI: 10.1145/3411764.3445164. Online publication date: 6-May-2021
    • (2020) Innovation inaction or in action? the role of user experience in the security and privacy design of smart home cameras. Proceedings of the Sixteenth USENIX Conference on Usable Privacy and Security (185-204). DOI: 10.5555/3488905.3488916. Online publication date: 10-Aug-2020
    • (2019) Security - Visible, Yet Unseen? Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems (1-13). DOI: 10.1145/3290605.3300835. Online publication date: 2-May-2019
    • (2017) “No Good Reason to Remove Features”. Human Aspects of Information Security, Privacy and Trust (25-44). DOI: 10.1007/978-3-319-58460-7_3. Online publication date: 13-May-2017
    • (2015) Users as Prosumers of PETs. Standards and Standardization (265-286). DOI: 10.4018/978-1-4666-8111-8.ch014. Online publication date: 2015
    • (2014) Users as Prosumers of PETs. Frameworks of IT Prosumption for Business Development (178-199). DOI: 10.4018/978-1-4666-4313-0.ch012. Online publication date: 2014
