The True Cost of Unusable Security

Speaker: Professor Angela Sasse, Department of Computer Science, University College London

Date and time: Thursday 10 May 2012, 1100 - 1230

Location: KSW 1.01

Service providers use CAPTCHAs to stop bots from creating accounts. It is an example of a security solution that requires genuine human users to work to keep the bots out. In the March issue of Scientific American, technology writer David Pogue estimates that CAPTCHAs waste 17 years of human effort every single day. A small but growing number of security researchers has made similar arguments about passwords, certificates, and anti-phishing tools - they consume individual time and effort for little or no discernible reduction of risk. In this talk, I will review this research, and then present examples from our recent research on the impact of such mechanisms on productivity in corporate contexts.

M. Angela Sasse is the Professor of Human-Centered Technology and Head of Information Security Research in the Department of Computer Science at University College London, UK. A usability researcher by training, she has been working in Computer Science for 25 years. She started research into usable security in the mid-90s, and her paper with Anne Adams, "Users are not the Enemy", together with Whitten & Tygar's "Why Johnny Can't Encrypt", started research in usable security.