Users Are Not the Enemy. Adams, A. and Sasse, M., A. Communications of the ACM, 42(12):40-46, ACM, 12, 1999.
Users Are Not the Enemy [link]Website  abstract   bibtex   
Many system security departments treat users as a security risk to be controlled. The general consensus is that most users are careless and unmotivated when it comes to system security. In a recent study, we found that users may indeed compromise computer security mechanisms, such as password authentication, both knowing and unknowingly. A closer analysis, however, revealed that such behavior is often caused by the way in which security mechanisms are implemented, and users' lack of knowledge. We argue that to change this state of affairs, security departments need to communicate more with users, and adopt a user- centered design approach.
@article{
 title = {Users Are Not the Enemy},
 type = {article},
 year = {1999},
 identifiers = {[object Object]},
 keywords = {passwords,security,usability},
 pages = {40-46},
 volume = {42},
 websites = {http://doi.acm.org/10.1145/322796.322806},
 month = {12},
 publisher = {ACM},
 city = {New York, NY, USA},
 id = {97a63889-a09c-361e-ae06-e517b49379cc},
 created = {2018-07-12T21:32:24.470Z},
 file_attached = {false},
 profile_id = {f954d000-ce94-3da6-bd26-b983145a920f},
 group_id = {b0b145a3-980e-3ad7-a16f-c93918c606ed},
 last_modified = {2018-07-12T21:32:24.470Z},
 read = {false},
 starred = {false},
 authored = {false},
 confirmed = {true},
 hidden = {false},
 citation_key = {adams:users99},
 source_type = {article},
 private_publication = {false},
 abstract = {Many system security departments treat users as a security risk to be controlled. The general consensus is that most users are careless and unmotivated when it comes to system security. In a recent study, we found that users may indeed compromise computer security mechanisms, such as password authentication, both knowing and unknowingly. A closer analysis, however, revealed that such behavior is often caused by the way in which security mechanisms are implemented, and users' lack of knowledge. We argue that to change this state of affairs, security departments need to communicate more with users, and adopt a user- centered design approach.},
 bibtype = {article},
 author = {Adams, Anne and Sasse, Martina A},
 journal = {Communications of the ACM},
 number = {12}
}
Downloads: 0