next up previous
Next: Poor system setup or Up: Why do users make Previous: Memory

Social issues

There is a bit of a societal stigma associated with security: people who are cautious with their passwords are described as paranoid or untrusting, [Sasse et al., 2001]. Others may feel that they are pedantic and overly formal for no good reason. There may even be the perception that they are untrustworthy as well as untrusting.

The perception of computing as anti-social is often cited as a factor that discourages women from entering computing-related fields [Henson, 2002], and the addition of security constraints may reinforce that perception of computers in users. This can be particularly dangerous when users feel that their people skills are very important to their job. A person working in Human Resources may be particularly motivated to show that they trust others and can be trusted, yet this person may also have access to very sensitive payroll information that should be protected.

For many security experts, being paranoid is considered a good quality (For example, a quick web search using Google turns up articles with titles such as Security: selected readings for paranoid sysadmins, or Online Security: Only The Paranoid Survive.), but for users it is not. For a user, refusing to give your password to colleagues (eg: so they can get at important files while you're on vacation) may come across as rude, and locking your computer implies that you don't trust your colleagues even when you've just gone to get a coffee. Spending the necessary time to stay informed about security issues in all the software a user may employ on a regular basis may be perceived as antisocial or a waste of time.


next up previous
Next: Poor system setup or Up: Why do users make Previous: Memory
Terri 2004-01-05