In the IT security industry, people are considered the most insecure link. Often dangerous actions such as saving the credentials in an Excel list are hardly comprehensible for administrators. And the TOP 10 ranking list of the most popular passwords triggers real outrage among security experts every year. On World Usability Day, we therefore ask ourselves why and how usability and security are inevitably interwoven …
Nowadays, more and more devices are used in companies. In addition, even more and increasingly complex technologies and processes are being used to solve problems that the “0-8-15” employee is often not even aware of. The more complex the IT landscape becomes, the more colleagues alienate themselves from this topic and develop a reluctance to use tools they do not understand and guidelines they cannot follow. From the perspective of the CISO or IT manager in companies, this defensive attitude is again incomprehensible, which often manifests itself in unsuspectingly secured access and unsupervised credentials. Two sides that need to be connected – the magic word here is “usability” …
Usable Security or “Secure meets Simple”
Usable security – also to be found as a sub-concept of “Security by Design” and “Human-Computer-Interaction” – is the buzzword under which more and more research groups and associations have recently settled. The aim here is to place people with their needs and requirements at the centre of technologies and to view security problems not from a technical point of view but from a user-based perspective.
Three approaches have been developed to better secure systems:
- improve the user experience
- Educate and train users to create safety awareness
- Automate systems to prevent safety-critical user intervention
Research models in practice
Password Safe also makes use of the user-oriented approach in order to prevent security gaps from arising in the first place. The software interacts with the user depending on the security relevance:
- From the tools`point of view, the login is secure and is therefore carried out automatically without the need for user intervention.
- Password Safe recognises a possibly insecure situation and prevents the login information for the login from being passed on: The login link is not known, so the login data is not blocked. User intervention is required.
- Password Safe does not know the application at login / registration and notifies the user: The user can decide whether the login data entered should be securely transferred to Password Safe.
- Password Safe recognises a possibly security-critical action within the software and notifies the necessary authorities: The relevant employee is informed by e-mail / pop-up that, for example, a password has been copied from Password Safe or an attempt has been made to uncover a password, so that he or she can make a decision on how to proceed.
Would you like to learn more about how Password Safe skilfully connects man and machine? We will take you through our product tour!