Usability and Security

Don Norman has written a thoughtful essay on usability and security. He writes:

The more secure you make something, the less secure it becomes. Why? Because when security gets in the way, sensible, well-meaning, dedicated people develop hacks and workarounds that defeat the security.

Security and usability often seem to be at odds. But if you want to make a system secure, you also have to make it usable. If security makes a system less usable, people will find a way to disable or impede it. They will habitually ignore popup warnings, disable firewalls, type passwords into normal text fields and then paste them into password fields, use the same simple password on every site, stick post-it notes with their login information to the screen, and avoid updating the operating system and their anti-virus software.

You can't make a system secure without also making it so usable that people won't actively defeat the system's security.

If you require a short url to link to this article, please use http://ignco.de/136

designed for use cover

But wait, there's more!

Want to read more like this? Buy my book's second edition! Designed for Use: Create Usable Interfaces for Applications and the Web is now available DRM-free directly from The Pragmatic Programmers. Or you can get it on Amazon, where it's also available in Chinese and Japanese.