Difference between revisions of "Building Usable Security"
(New page: One the most overlooked aspects of application security is usability. Users are often the weakest link in a software system. If security controls embedded in software systems hinder users...)
Line 1: | Line 1: | ||
− | One the most overlooked aspects of application security is usability. Users are often the weakest link in a software system. If security controls embedded in software systems hinder users’ ability to accomplish their tasks, users will ignore or try to bypass such controls. Building usable security functions is a significant component of building secure systems. | + | One the most overlooked aspects of application security is usability. Users are often the weakest link in a software system. If security controls embedded in software systems hinder users’ ability to accomplish their tasks, users will ignore or try to bypass such controls, a common occurrence in today's systems. Building usable security functions is a significant component of building secure systems. |
Security engineers generally lack experience in usability engineering. One of the main reasons why application security violations continue to rise, is the fact that many deployed security mechanism are not user friendly, limiting their effectiveness. Unless engineers start thinking more about how to make security more usable, progress in securing systems will be limited. | Security engineers generally lack experience in usability engineering. One of the main reasons why application security violations continue to rise, is the fact that many deployed security mechanism are not user friendly, limiting their effectiveness. Unless engineers start thinking more about how to make security more usable, progress in securing systems will be limited. | ||
Many people believe that there is an inherent tradeoff between security and usability. However, that does not have to be the case. This talk will expand on the link between security and usability, and provide guidance on how to build security functions and controls that will facilitate their adoption and reduce users’ resistance to such controls. | Many people believe that there is an inherent tradeoff between security and usability. However, that does not have to be the case. This talk will expand on the link between security and usability, and provide guidance on how to build security functions and controls that will facilitate their adoption and reduce users’ resistance to such controls. |
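Review bot: The rewritten first paragraph still opens with "One the most overlooked aspects", which is missing "of"; since this revision touches that line, change it to "One of the most overlooked aspects". The added clause "a common occurrence in today's systems" is asserted without support, so either point to an example or drop it. In the unchanged second paragraph, "many deployed security mechanism are" should read "mechanisms", and the comma after "continue to rise" should be removed.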
Revision as of 18:52, 21 July 2008
One of the most overlooked aspects of application security is usability. Users are often the weakest link in a software system. If security controls embedded in software systems hinder users’ ability to accomplish their tasks, users will ignore or try to bypass such controls, a common occurrence in today's systems. Building usable security functions is a significant component of building secure systems.
Security engineers generally lack experience in usability engineering. One of the main reasons why application security violations continue to rise is that many deployed security mechanisms are not user-friendly, which limits their effectiveness. Unless engineers start thinking more about how to make security more usable, progress in securing systems will be limited.
Many people believe that there is an inherent tradeoff between security and usability. However, that does not have to be the case. This talk will expand on the link between security and usability, and provide guidance on how to build security functions and controls that will facilitate their adoption and reduce users’ resistance to such controls.