GSLIS faculty member Michael Twidale delivered a talk on September 9 as part of the Information Trust Institute’s Trust & Security Seminar Series. The series highlights many aspects and applications of information security. In his talk, “The Usability of Security,” Twidale discussed the need for balance between security and usability.
Abstract: Is an 8-character password more secure than a 4-character one? Is a 16-character password even more secure? What about a 32-character password? Or a 64-character one? What does your model of security say? Does it say that the longer the password, the more secure it is, or the longer the password, the less secure it is, because people will write it down and get more cynical about your stupid, inconvenient rules? Is it safer to make people switch to a new password every year, every quarter, every week, every hour, or every minute?
You can build a fabulous system with dozens of options, but if people don't find it useful, usable, and acceptable, then it won't get used. If you force them, people will subvert it. Trust is a critical element in adoption, continuing use, and, indeed, committed use. Poor design and a failure to look at the issues from the perspective of end users and different stakeholders can lead to costly failures. This talk will explore how usability analysis, computer-supported cooperative work, and sociotechnical systems engineering can inform the design of resources that have elements of security and privacy.
Twidale is a professor at GSLIS and research associate professor at the Information Trust Institute. His research interests include computer-supported cooperative work, computer-supported collaborative learning, human-computer interaction, information visualization, and museum informatics. His current projects include studies of informal social learning of technology, technological appropriation, metrics for open access, collaborative information retrieval, low-cost information visualization, ubiquitous learning, and the usability of open source software. His approach involves the use of interdisciplinary techniques to develop high-speed, low-cost methods to better understand the difficulties people have with existing computer applications and so to design more effective systems.