Secure Interaction Design
Pingster writes "Next week, ICICS 2002 will take place in Singapore. Out of 40 papers at the conference, there will be just one paper that looks at human factors. Though many people know that usability problems can render even the strongest security useless, the security community has only recently started paying attention to usability issues. More serious thinking about usability and security is desperately needed. The paper proposes ten interaction design principles. Maybe you'll find them obvious; maybe you'll disagree with them entirely. Great! Let's have a discussion."
Poorly organized. Lynx-optimized website (with only two pages), only two months to write papers, an overly broad topic, and being held in a pseudo-third world country, away from the main countries where most research is being done, don't exactly add up to success. I'll be surprised if they register more than 500 attendees.
- 10-character passwords, non-dictionary words, alphanumeric. Safe, but can't remember them. So you write it on a Post-it note.
Not really... my technique is to use easy-to-remember phrases, only you convert applicable letters to numbers 1337-style.
Jef Raskin, in his book "The Humane Interface" provides an answer to the username/password problem.
Firstly, no username. People know their own name better than any other word. Trying to give them another one is an exercise in futility. Usernames are frequently very easily guessable, and if all the system's passwords are unique, unnecessary.
Passwords should be system assigned, firstly to ensure uniqueness, and secondly to make damn sure that they are from an appropriately large set of possibilities. This particular set, which is quite easy for people to remember but incredibly large is the combination of 3 randomly selected nouns. For example BeachballTruckWaterpipe
The set of possibilities is vast, almost certainly larger than the set of all 8-character alphanumeric strings, for example. It's not hard for a person to memorise something like this, so they won't have to write it down.
www.cgisecurity.com/lib
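As an added example (not from the post above, from Raskin's book, or from any of the commenters), the following Python code generates a three-noun password the way the comment describes and puts numbers on the size comparison the comment makes. The noun list is a constructed placeholder; the `min_list_size` helper computes how many distinct nouns the list would need for three random picks to match the space of all 8-character alphanumeric strings, so the comparison can be checked for any real list rather than assumed.

```python
import math
import secrets

# Constructed sample list, far too small for real use; a deployment would
# draw from a vetted list of tens of thousands of common nouns.
SAMPLE_NOUNS = [
    "beachball", "truck", "waterpipe", "lantern",
    "harbor", "pencil", "meadow", "saddle",
]


def pick_nouns(nouns, words=3):
    """Choose `words` nouns uniformly with a CSPRNG (secrets), with replacement.

    Sampling with replacement and keeping order means the space is
    len(nouns) ** words, which is what the entropy figures below assume.
    """
    return [secrets.choice(nouns) for _ in range(words)]


def join_passphrase(chosen):
    """Render the picks in the BeachballTruckWaterpipe style from the comment."""
    return "".join(word.capitalize() for word in chosen)


def noun_space(list_size, words=3):
    """Number of distinct ordered sequences of `words` nouns from a list."""
    return list_size ** words


def string_space(alphabet_size, length):
    """Number of distinct strings of `length` symbols over an alphabet."""
    return alphabet_size ** length


def bits(space_size):
    """Entropy in bits of a uniform choice from `space_size` candidates."""
    return math.log2(space_size)


def min_list_size(words, target_space):
    """Smallest list size n such that n ** words >= target_space.

    Uses exact integer arithmetic so the boundary is not lost to float error.
    """
    n = max(1, round(target_space ** (1.0 / words)))
    while n ** words < target_space:
        n += 1
    while n > 1 and (n - 1) ** words >= target_space:
        n -= 1
    return n


if __name__ == "__main__":
    alnum8 = string_space(62, 8)          # A-Z, a-z, 0-9, eight characters
    print("8-char alphanumeric:", f"{bits(alnum8):.1f} bits")
    for size in (5000, 20000, 60000, 100000):
        print(f"3 nouns from {size:>6} words: {bits(noun_space(size)):.1f} bits")
    print("list size needed to match:", min_list_size(3, alnum8))
    print("sample password:", join_passphrase(pick_nouns(SAMPLE_NOUNS)))
```

The comparison turns on the list size: eight alphanumeric characters give about 47.6 bits, and three nouns reach that only once the list holds roughly sixty thousand entries, so the strength of the scheme is set by the vocabulary, not by the three-word format itself.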