Usable Security

Dear Colleagues,

System security is often perceived as an obstacle to efficiency because it may slow down the interaction and act as an obstacle to satisfaction, since people are usually annoyed by frequent authentication and acknowledgment requests.

Usability and security are often regarded as competing design goals. Nevertheless, security mechanisms must be usable to be effective: mechanisms that are not used in practice or are used incorrectly provide little or no protection. Without usable security, security cannot be effective.

Indeed, one of the main problems encountered in the area of usable security is the so-called usability/security trade-off. Security pertains to security experts, and they often tend to reject proposals to improve usability because making life easier for the user could facilitate an attack. However, users think about security in terms of goals (i.e., what they need to do to achieve what they want to with their device), and not in terms of keys, certificates, or access control lists.

As a matter of fact, many users do not care much about security mechanisms, such as virus checking or e-mail encryption, or they do not use them in the right way. In fact, they often value usability over security, exposing themselves to greater risks. Users find it difficult to understand the security decisions they are subjected to, so they tend to misconfigure and, thus, jeopardize their security, for example, by disabling or sharing passwords to make it easier to access the system. This is because they often do not know how to use software that is too difficult on first use or do not have the patience to wait for security checks. Wherever possible, functions should be designed to make security implicit by exploiting the user's actions to determine what security operations need to be performed.

With this topic, the attempt is to highlight the issue of usable security by pointing out the differences between the perception of security and the users’ need for usability. Additionally, the intent is to point out that since human behavior is primarily goal-driven, the effective and efficient execution of tasks that help users achieve their goals is a key principle in the design of successful systems. 

Dr. Francesco Di Nocera
Dr. Pooria Madani
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Journal of Cybersecurity and Privacy is an international peer-reviewed open access quarterly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1000 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

• usability
• security
• authentication
• password
• protection
• users
• effectiveness
• efficiency
• satisfaction