
Security and Usability by Simson Garfinkel, Lorrie Faith Cranor


Chapter Thirty Two. Users Are Not the Enemy

Why Users Compromise Security Mechanisms and How to Take Remedial Measures, by Anne Adams and M. Angela Sasse

Confidentiality is an important aspect of computer security. It depends on authentication mechanisms, such as passwords, to safeguard access to information. Traditionally, authentication procedures are divided into two stages:[1], [2]

  • Identification (user ID), to identify the user

  • Authentication, to verify that the user is the legitimate owner of the ID

It is the latter stage that requires a secret password. To date, research on password security has focused on designing technical mechanisms to protect access to systems; the usability of these mechanisms has rarely been investigated. Hitchings[3] and Davis and Price[4] argue that this narrow perspective has produced security mechanisms that are, in practice, less effective than they are generally assumed to be. Because security mechanisms are designed, implemented, applied, and breached by people, human factors should be considered in their design. It seems that, currently, hackers pay more attention to the human link in the security chain than security designers do, for example, by using social engineering techniques to obtain passwords.

The key element in password security is the crackability of a password combination. Davies and Ganesan[5] argue that an adversary’s ability to crack passwords is greater than usually believed. System-generated passwords are essentially the optimal ...
