Affiliation:
1. Department of Planning, Design, and Technology of Architecture, Sapienza University of Rome, 00196 Rome, Italy
Abstract
Usable security involves designing security measures that accommodate users’ needs and behaviors. Balancing usability and security poses challenges: the more secure the systems, the less usable they will be. Conversely, more usable systems will be less secure. Numerous studies have addressed this balance. These studies, spanning psychology and computer science/engineering, contribute diverse perspectives, necessitating a systematic review to understand strategies and findings in this area. This systematic literature review examined articles on usable security from 2005 to 2022. A total of 55 research studies were selected after evaluation. The studies have been broadly categorized into four main clusters, each addressing different aspects: (1) usability of authentication methods, (2) helping security developers improve usability, (3) design strategies for influencing user security behavior, and (4) formal models for usable security evaluation. Based on this review, we report that the field’s current state reveals a certain immaturity, with studies tending toward system comparisons rather than establishing robust design guidelines based on a thorough analysis of user behavior. A common theoretical and methodological background is one of the main areas for improvement in this area of research. Moreover, the absence of requirements for usable security in almost all development contexts greatly discourages implementing good practices from the early stages of development.