12 May 2005 / erikduval

Usable Web Privacy and Security

Lorrie Cranor from Carnegie Mellon University did the afternoon keynote on “Usable Web Privacy and Security”.

One approach is to make security invisible. Another approach is to make it understandable or to train the users. The user should probably only be asked to intervene if they have information that the software developer doesn’t have. Moreover, the user should be asked a question, not confronted with a dilemma.

An interesting proposal was to rely completely on the “we will send you your password if you give us your email address in case you have forgotten it” approach, and to just assume that users will have forgotten their password, especially for not-so-often-visited sites.

Lorrie made some very pointed remarks and had great examples that showed how unintuitive and overly subtle many of the symbols and metaphors for security are: “why do you sign email with a key rather than a pen?” For most users, “spam” and “cookie” are empty words – and they don’t signal potential danger: are you afraid of cookies?!

Overall, she seemed to be very much on target with her comments about making sure that people can actually use security features and tools.

