Friday, November 24, 2006

Security Usability: Not much progress since 1883 or 1975

This is a great article by Peter Gutmann and Ian Grigg on security usability that lists the six principles for a secure communications system put down by Auguste Kirchoffs ca. 1883.  Even he understood the need for usability back then:

Given the circumstances that command its application, the system must be easy to use, requiring neither mental strain nor the knowledge of a long series of rules to observe.
Psychological Acceptability has been defined as a critical aspect of secure systems for over 30 years by Saltzer and Schroeder (1975): The Protection of Information in Computer Systems

It is essential that the human interface be designed for ease of use, so that users routinely and automatically apply the protection mechanisms correctly. Also, to the extent that the user's mental image of his protection goals matches the mechanisms he must use, mistakes will be minimized. If he must translate his image of his protection needs into a radically different specification language, he will make errors.

No comments:

Post a Comment