Cybersecurity and usability must coexist. Systems that prioritize usability over a strong security posture may fall prey to increasingly sophisticated cyber-attacks that inevitably make the system inoperable. However, the opposite holds true as well; protocols that are too strict may secure a system but render it so burdensome to use that users will intentionally circumvent security measures.
The NIST Usable Cybersecurity team brings together experts in diverse disciplines to conduct research at the intersection of human factors, human-computer interaction, cognitive psychology, and cybersecurity. The team’s goal is to provide actionable guidance for policymakers, system engineers, and security professionals who want to incorporate usability into their cybersecurity decisions, processes, and products. Recent research focus areas include: authentication, usable cryptography, phishing, Internet of Things (IoT), security adoption, and users’ security and privacy perceptions and behaviors.
Visit the newly updated Usable Cybersecurity webpages for more details on research areas and publications.