Deyhle, R. & Schaub, F. (2012). Password entry usability and shoulder surfing susceptibility on different smartphone platforms. In E. Rukzio. ISBN: 978-1-4503-1815-0
In this paper, the authors discuss how different on-screen keyboard layouts on smartphones affect a user's ability to easily input a password while limiting shoulder surfing. Password composition and input are optimized for use on a physical keyboard, and this may not translate equally to smartphones. In discussing password composition, the authors note that it has significantly affected usability, and that mnemonic and persuasive text passwords have proven to be more usable. Significant variances exist between the different keyboard layouts, which included the iOS keyboard, Windows Phone, multiple Android keyboards, and Symbian. In their experiment, the authors found that Windows Phone and iOS fared best in usability, but their keyboard layouts rated low in security. In conclusion, these results point to a widespread gap between security and usability.
Budi, A. & Denis, B. (2004). Computer Security Impaired by Legitimate Users. Computers & Security, 23, 253-264. doi:10.1016/j.cose.2003.09.002
In this research, the authors discuss computer security issues involving legitimate users. They argue that technical solutions are not adequate and that we need to focus more on the individual user. This includes taking into account the activities that individual users will be trying to accomplish and the manner in which they will perform them. Within this process, we encounter the trade-off between usability and security. Most often, people strive for the least effort required to produce acceptable results, and the same idea applies to security. Understanding this trade-off is an important concept for developers to apply in the development cycle. A good example is passwords, which offer more security as they grow longer and more complex but become much harder to remember. Moreover, these trade-offs exist within multiple layers of an organization and can be addressed by looking at Reason's model. To address these issues, the authors suggest looking at the organization's security culture, which involves educating staff, making security user-centered, and allowing users to work in an environment not dominated by procedures.