COMP 5407 Project 2:
The way security really works:
How human factors can be used to improve security
Terri Oda
terri(at)zone12.com
Carleton University
December 5, 2003
Introduction
How can "good security" rules cause bad security?
Changing Passwords
Security Measure:
Security Goals:
User Problems:
User Solutions:
Complex passwords
Security Measure:
Security Goals:
User Problems:
User Solutions:
System-selected passwords
Security Measure:
Security Goals:
User Problems:
User Solutions:
Different logins for different systems
Security Measure:
Security Goals:
User Problems:
User Solutions:
Why do users make insecure choices?
Memory
Social issues
Poor system setup or poor work practices
Users don't understand how attacks occur
It gets in the way of more important things
Security seems excessive or unnecessary
It's someone else's problem
Attitudes of security experts towards users
How can things be improved?
Limit the memory load
Try to avoid multiple passwords
Teach users tricks for password creation
Use cues
Reduce changes
Allow more attempts
Provide feedback/information
Improve employee morale
Make it easy
Make the path of least resistance the secure one
Make the interface clear and informative
Make access the user's choice
Conclusions
Bibliography
Terri 2004-01-05