The Importance of Usable Cybersecurity
While tradeoffs between cybersecurity and usability do occur, we challenge the notion that security and usability cannot coexist and assert that they indeed must coexist. Computers can be theoretically secure but so unusable that they do not improve security because users will circumvent the security measures. The opposite is true as well; systems that are easy to use and not secure are eventually unusable when they fall prey to cyber attacks via techniques such as phishing, viruses, and botnets.
What We Do
We conduct research at the intersection of cybersecurity, human factors, and human-computer interaction. Our goal is to provide actionable guidance for policymakers, system engineers, and security professionals so that they can incorporate usability and other user considerations into their cybersecurity decisions, processes, and products. Ideally, this guidance should:
- Have a basis in real empirical data
- Create solutions that are secure in practice, not just in theory
- Take user needs and behavior into account
- Address people, process, and technology factors where appropriate
Both usability and cybersecurity are context-specific and influenced by a number of factors, such as the nature of the user population, organizational mission, and the specifications of the organization’s systems and cybersecurity measures themselves. Therefore, usable cybersecurity research requires a multi-disciplinary approach. To that end, our team consists of experts in various fields, including cybersecurity, computer science, human factors, human-computer interaction, and cognitive psychology.