Usability and Security: The endless pursuit of perfection

When it comes to computers, usability and security aren’t always mutually inclusive concepts. Most times, the easier a system is to use, the less protected it is. The tools used by attackers get sharper every day, and those charged with securing systems and online interactions constantly race to keep up, but the desire to ensure iron-clad protection creates another issue – that of usability.

Imagine if you didn’t even need to log in to your email to check it. That would be extremely easy for users – it would have a high degree of usability – but it would have no degree of security. Now imagine that in order to access your email you had to type in a password, decipher a visually encrypted code, then type in a one-time code sent to you by SMS. That would have a high degree of security but an extremely low degree of usability.

Security protocols are designed to enact three basic measures: First, they prevent unauthorized access to the information within a system. Second, they ensure that information within that system is accessed only by authorized users. And third, they ensure that the system is available for authorized access. What that means, essentially, is that ideal security protects users’ computers and the information that they store on them, while ensuring that users can safely and securely browse the Internet and access the protected information that they store there too.

The study of usability and security is actually a field of computer science, referred to in academic studies as HCISec (human-computer interaction & security). And, as mentioned above, it’s a never-ending battle – and a tricky balance. That’s because, as one study points out, there is an inherent conflict of interest between users and system owners: The top priority for users is maximum ease of use, while the top priority for system owners is the security of their system.

“It is unrealistic to expect to achieve maximum usability and security in all secure systems,” the study’s authors wrote. “In most systems, there will be a trade-off between security and usability. The goal is to minimise as much as possible the possibility of threat scenarios and maximise the accessibility of usage scenarios. A usable system will minimise unintentional errors, while a secure system will aim at ensuring that undesirable actions in a system are prevented or mitigated.”

That means that the ideal system will be good for users and system administrators alike – and bad for attackers who would like to exploit both. And while that ideal remains elusive, the pursuit continues.

Comments

  1. Tanzeela Ahmed says:

    Amazing article !!