M. Angela Sasse is the Professor of Human-Centred Technology and
Head of Information Security Research in the Department of Computer
Science at University College London, UK. A usability researcher by
training, she started investigating the causes and effects of usability
issues with security mechanisms in 1996. In addition to studying
specific mechanisms such as passwords, biometrics, and access control,
her research group has developed human-centred frameworks that explain
the role of security, privacy, identity and trust in human interactions
with technology. A list of projects and publications can be found at http://sec.cs.ucl.ac.uk/people/m_angela_sasse/

The number of systems and services that people interact with has
increased rapidly over the past 20 years. Most of those systems and
services have security controls, but until recently, the usability of
those mechanisms was not considered. Research over the past 15 years has
provided ample evidence that systems that are not usable are not secure,
either, because users make mistakes or devise workarounds that create
vulnerabilities. In this talk, I will present an overview of the most
pressing problems, and what research on usable security (HCISec) has
produced in response to this challenge. I will argue that past attempts
have been focussed on improving user interfaces to security mechanisms,
but that delivering systems with usable and effective security controls
requires a change in how we design and implement security in systems and
services. The talk will present examples of new approaches to
requirements capture and system design, and new approaches to 'security
thinking' in organisations.