Research Areas

The usability principles of efficiency, effectiveness, and user satisfaction must be incorporated into cybersecurity practices and technologies to ensure that it is easy for users to do the right thing, hard to do the wrong thing, and easy to recover when the wrong thing happens anyway. To achieve this objective, we work on research projects that:

• lead to the development of usable security metrics
• facilitate the integration of usability principles into security processes and product design
• identify approaches for aligning user goals with overarching national and organizational security goals

As a topic closely related to and dependent on security, we also investigate privacy considerations and how usability can contribute to users being able to protect their sensitive information.

We conduct research in the following areas:

• Authentication – evaluating the usability of passwords, password policies, and other authentication mechanisms
• Cryptography– exploring the practices, challenges, and usability of resources (e.g., standards, libraries, and certifications) related to the development and testing of secure cryptographic software and hardware products
• Cybersecurity Adoption – discovering security advocacy techniques that result in users making sound security decisions and adopting security best practices
• Internet of Things – exploring end users' perceptions of and experience with smart home technology security and privacy
• Phishing– understanding why people do or do not fall victim to phishing attacks
• Privacy – investigating usable methods for ensuring the protection of personal and sensitive information
• User Perceptions & Behaviors – uncovering the beliefs, perceptions, and other factors influencing users’ security and privacy behaviors