Chapter Twelve. The Usability of Security Devices

Ugo Piazzalunga, Paolo Salvaneschi, and Paolo Coffetti

An increasing number of hardware devices are becoming available to help users achieve a higher level of security in authentication systems. However, little research has been performed on the usability of these devices. This chapter takes a first step toward understanding the usability issues associated with security devices. After briefly reviewing security devices, we define an experimental approach suitable for their usability evaluation. We apply this approach to evaluating cryptographic smart card devices, and we report and comment on the results, including the impact of usability on security. We conclude by presenting general recommendations to minimize usability problems while deploying security devices.

Introduction

A variety of hardware devices are employed to increase computer security. This chapter focuses on those portable devices designed to increase the security of authentication systems. Smart cards and “one-time password” tokens are perhaps the best-known examples of security devices; they fit easily in pockets or on keychains, embed an integrated circuit, and are used to log into networks or web sites securely.

Vendors of security devices strive for a design that is both secure and usable. But are they successful? In this chapter, we will attempt to address this question by suggesting an experimental approach to evaluating security devices as a whole, then applying ...
