Security and Usability: Designing Secure Systems that People Can Use [NOOK Book]



NOOK Book (eBook): $22.99 (list price $39.99, save 42%)


Human factors and usability issues have traditionally played a limited role in security research and secure systems development. Security experts have largely ignored usability issues--both because they often failed to recognize the importance of human factors and because they lacked the expertise to address them.

But there is a growing recognition that today's security problems can be solved only by addressing issues of usability and human factors. Increasingly, well-publicized security breaches are attributed to human errors that might have been prevented through more usable software. Indeed, the world's future cyber-security depends upon the deployment of security technology that can be broadly used by untrained computer users.

Still, many people believe there is an inherent tradeoff between computer security and usability. It's true that a computer without passwords is usable, but not very secure. A computer that makes you authenticate every five minutes with a password and a fresh drop of blood might be very secure, but nobody would use it. Clearly, people need computers, and if they can't use one that's secure, they'll use one that isn't. Unfortunately, unsecured systems aren't usable for long, either. They get hacked, compromised, and otherwise rendered useless.

There is increasing agreement that we need to design secure systems that people can actually use, but less agreement about how to reach this goal. Security & Usability is the first book-length work describing the current state of the art in this emerging field. Edited by security experts Dr. Lorrie Faith Cranor and Dr. Simson Garfinkel, and authored by cutting-edge security and human-computer interaction (HCI) researchers world-wide, this volume is expected to become both a classic reference and an inspiration for future research.

Security & Usability groups 34 essays into six parts:

  • Realigning Usability and Security--with careful attention to user-centered design principles, security and usability can be synergistic.

  • Authentication Mechanisms--techniques for identifying and authenticating computer users.

  • Secure Systems--how system software can deliver or destroy a secure user experience.

  • Privacy and Anonymity Systems--methods for allowing people to control the release of personal information.

  • Commercializing Usability: The Vendor Perspective--specific experiences of security and software vendors (e.g., IBM, Microsoft, Lotus, Firefox, and Zone Labs) in addressing usability.

  • The Classics--groundbreaking papers that sparked the field of security and usability.

This book is expected to start an avalanche of discussion, new ideas, and further advances in this important field.


Editorial Reviews

From The Barnes & Noble Review
Can you build usable systems that are secure? Secure systems that are usable? You can. You must. And this book brings together the principles you need to do it.

Lorrie Faith Cranor and Simson Garfinkel have brought together pioneering contributions from nearly three dozen experts in the field. Those contributions range from research and theory (the psychology of user security, guidelines for secure human-computer interaction) to hands-on practice (building phish-resistant UIs, simplifying PKI for ordinary mortals).

There’s a full section on advanced authentication, from challenge questions and graphical passwords to keystroke biometrics. You’ll find extensive guidance on designing systems for privacy and anonymity. Finally, case studies from Zone Labs, IBM, and Microsoft prove that security can be commercialized. Years from now, this book will be viewed as seminal: Right now, it’s indispensable. Bill Camarda, from the November 2005 Read Only


Product Details

  • ISBN-13: 9780596553852
  • Publisher: O'Reilly Media, Incorporated
  • Publication date: 7/14/2008
  • Sold by: Barnes & Noble
  • Format: eBook
  • Edition number: 1
  • Pages: 740
  • File size: 7 MB

Meet the Author

Dr. Lorrie Faith Cranor is an Associate Research Professor in the School of Computer Science at Carnegie Mellon University. She is a faculty member in the Institute for Software Research, International and in the Engineering and Public Policy department. She is director of the CMU Usable Privacy and Security Laboratory (CUPS).

Simson Garfinkel, CISSP, is a journalist, entrepreneur, and international authority on computer security. Garfinkel is chief technology officer at Sandstorm Enterprises, a Boston-based firm that develops state-of-the-art computer security tools. Garfinkel is also a columnist for Technology Review Magazine and has written for more than 50 publications, including Computerworld, Forbes, and The New York Times. He is also the author of Database Nation; Web Security, Privacy, and Commerce; PGP: Pretty Good Privacy; and seven other books. Garfinkel earned a master's degree in journalism at Columbia University in 1988 and holds three undergraduate degrees from MIT. He is currently working on his doctorate at MIT's Laboratory for Computer Science.


Table of Contents

1. Psychological acceptability revisited (p. 1)
2. Usable security (p. 13)
3. Design for usability (p. 31)
4. Usability design and evaluation for privacy and security solutions (p. 47)
5. Designing systems that people will trust (p. 75)
6. Evaluating authentication mechanisms (p. 103)
7. The memorability and security of passwords (p. 129)
8. Designing authentication systems with challenge questions (p. 143)
9. Graphical passwords (p. 157)
10. Usable biometrics (p. 175)
11. Identifying users from their typing patterns (p. 199)
12. The usability of security devices (p. 221)
13. Guidelines and strategies for secure interaction design (p. 247)
14. Fighting phishing at the user interface (p. 275)
15. Sanitization and usability (p. 293)
16. Making the impossible easy: usable PKI (p. 319)
17. Simple desktop security with Chameleon (p. 335)
18. Security administration tools and practices (p. 357)
19. Privacy issues and human-computer interaction (p. 381)
20. A user-centric privacy space framework (p. 401)
21. Five pitfalls in the design for privacy (p. 421)
22. Privacy policies and privacy preferences (p. 447)
23. Privacy analysis for the casual user with Bugnosis (p. 473)
24. Informed consent by design (p. 495)
25. Social approaches to end-user privacy management (p. 523)
26. Anonymity loves company: usability and the network effect (p. 547)
27. ZoneAlarm: creating usable security products for consumers (p. 563)
28. Firefox and the worry-free Web (p. 577)
29. Users and trust: a Microsoft case study (p. 589)
30. IBM Lotus Notes/Domino: embedding security in collaborative applications (p. 607)
31. Achieving usable security in Groove Virtual Office (p. 623)
32. Users are not the enemy (p. 639)
33. Usability and privacy: a study of KaZaA P2P file sharing (p. 651)
34. Why Johnny can't encrypt (p. 669)

Customer Reviews

Anonymous, posted June 13, 2006:

Are you a security researcher or professional? If you are, then this book is for you! Editors Lorrie Faith Cranor and Simson Garfinkel have done an outstanding job of writing a practical book that will help you realize the need for increased security usability in your systems. Cranor and Garfinkel begin by stating their premise: that security and usability can be synergistic. Then, the editors take an in-depth look at techniques for identifying and authenticating computer users to systems that are both local and remote. They continue by examining how system software can deliver or destroy a secure user experience. Then, the editors explain how this book is devoted to systems that allow people to control the release of their personal information, enabling them to use the Internet in relative anonymity if they so desire. Then, they look at specific experiences of security and software vendors in addressing the issue of usability. Finally, the editors discuss their collection of classic papers on security and usability that everybody should read. This most excellent book discusses case studies of usable secure system design, along with the latest thinking about how to approach this problem. More importantly, the content of this book will give developers important insights that will lead to successful designs.
