Adams, A. and M.A.Sasse, Users Are Notthe Enemy, inCommunications of the ACM. 1999. p.40-46.
2Sunday, October 17, 2010
In the ACM Portal there are 33,619 references with the word “Security” in the title or abstract.While I’m not here to summarize decades of work, I am here to talk about one aspect of security that hasn’t been covered at all until recently. Security literature, when not proposinga deceptive new algorithm, has been known to put forth the position that humans are theweak link in the security chain. Well recent work has pushed back on that notion. That it isn’tthat people aren’t secure, it is that the software that isn’t usable that is the problem. It is anissue that passwords are too complex, and that security systems are not modeled after usermental models.You can read more about this issue in this foundational work, called “Users are not the...My work is an important extension beyond the work of usable security. In my work I look pastsingle individuals looking at computers and instead look at how communities managesecurity and privacy in the work setting.