Designing for the Human Element in Security


The number of systems and services that people interact with has increased rapidly over the past 20 years. Most of those systems and services have security controls, but until recently, the usability of those mechanisms was not considered. Research over the past 15 years has provided ample evidence that systems that are not usable are not secure, either, because users make mistakes or devise workarounds that create vulnerabilities. In this talk, I will present an overview of the most pressing problems, and what solutions research on usable security (HCISec) has produced in response to this challenge.

Past attempts have been focused on improving user interfaces to security mechanisms, but delivering effective security in practice requires more fundamental changes to how we design and implement security in systems and services. The talk will present examples of new approaches to requirements capture and system design, and how concepts from usability and economics are transforming security thinking in organizations.


M. Angela Sasse is the Professor of Human-Centered Technology and Head of Information Security Research in the Department of Computer Science at University College London (UCL), UK. She is also the Director of the new Academic Centre of Excellence for Research in Cybersecurity at UCL (a distinction awarded by the UK Government Communications Headquarters).

A usability researcher by training, she started investigating the causes and effects of usability issues with security mechanisms in 1996. In addition to studying specific mechanisms such as passwords, biometrics, and access control, her research group has developed human-centered frameworks that explain the role of security, privacy, identity and trust in human interactions with technology. A list of projects and publications can be found at
