Scaring and Bullying People into Security Won’t Work

Users will pay attention to reliable and credible indicators of risks they want to avoid. Security mechanisms with a high false positive rate undermine the credibility of security and train users to ignore them. We need more accurate detection and better security...

Usable Security: Why Do We Need It? How Do We Get It?

Security experts frequently refer to people as “the weakest link in the chain” of system security. Famed hacker Kevin Mitnick revealed that he hardly ever cracked a password, because it “was easier to dupe people into revealing it” by employing a range of social...