CHAPTER 9: SECURITY AND USABILITY
In the previous chapter we mentioned that one of the main contributing factors to non-compliance by users is an extensive workload caused by poorly designed and poorly implemented security mechanisms. Next, we will discuss how these issues can be addressed.
Firstly, security professionals should understand that people’s resources are limited. Moreover, people tend to struggle with making effective decisions when they are tired.
To test the validity of this argument, Shiv and Fedorikhin designed an experiment where they divided participants into two groups: the first group was asked to memorise a two-digit number (e.g. 54) and the second group was asked to remember a longer seven-digit number (e.g. 4509672).
Get The Psychology of Information Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.