The Importance of Usable Cybersecurity
While tradeoffs between cybersecurity and usability do occur, we challenge the notion that security and usability cannot coexist and assert that they indeed must coexist. A computer system can be secure in theory yet so unusable that it does not improve security, because users will circumvent its security measures. The opposite is true as well: systems that are easy to use but not secure eventually become unusable when they fall prey to cyber attacks via techniques such as phishing, viruses, and botnets.
What We Do
We conduct research at the intersection of cybersecurity, human factors, and human-computer interaction. Our goal is to provide actionable guidance for policymakers, system engineers, and security professionals so that they can incorporate usability and other user considerations into their cybersecurity decisions, processes, and products. Ideally, this guidance should:
Multi-Disciplinary Approach
Both usability and cybersecurity are context-specific and influenced by a number of factors, such as the nature of the user population, organizational mission, and the specifications of the organization’s systems and cybersecurity measures themselves. Therefore, usable cybersecurity research requires a multi-disciplinary approach. To that end, our team consists of experts in various fields, including cybersecurity, computer science, human factors, human-computer interaction, and cognitive psychology.
Security and Privacy: authentication, behavior, general security & privacy, privacy, security programs & operations, usability
Technologies: email
Applications: cybersecurity education, cybersecurity workforce, Internet of Things