U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Usable Cybersecurity

Research Areas

The usability principles of efficiency, effectiveness, and user satisfaction must be incorporated into cybersecurity practices and technologies to ensure that it is easy for users to do the right thing, hard to do the wrong thing, and easy to recover when the wrong thing happens anyway. To achieve this objective, we work on research projects that:

  • lead to the development of usable security metrics
  • facilitate the integration of usability principles into security processes and product design
  • identify approaches for aligning user goals with overarching national and organizational security goals
As a topic closely related to and dependent on security, we also investigate privacy considerations and how usability can contribute to users being able to protect their sensitive information.

We conduct research in the following areas:

  • Authentication – evaluating the usability of passwords, password policies, and other authentication mechanisms
  • Cryptography– exploring the practices, challenges, and usability of resources (e.g., standards, libraries, and certifications) related to the development and testing of secure cryptographic software and hardware products
  • Cybersecurity Adoption, Awareness, and Training – discovering security advocacy and training approaches that result in users making sound security decisions and adopting security best practices
  • Internet of Things – exploring end users' perceptions of and experience with smart home security and privacy
  • Phishing– understanding why people do or do not fall victim to phishing attacks and how to measure the difficulty level of phishing emails
  • Privacy – investigating usable methods for ensuring the protection of personal and sensitive information
  • User Perceptions & Behaviors – uncovering the beliefs, perceptions, and other factors influencing users’ security and privacy behaviors
  • Youth Security and Privacy - exploring the online security and privacy perceptions and practices of youth and influencing social factors from three perspectives: youth themselves, parents/guardians, and teachers/educators

Created November 17, 2016, Updated November 29, 2022