  • To make personal computing security more usable...
  • To develop a design protocol for genuinely user-centric security solutions...
  • To adapt usable security design to ubiquitous computing...

Welcome

From the beginning, usability has been at best a secondary, if not tertiary, priority in retail security software design, behind functionality and technical requirements. This longstanding second-class status of usability in security is but one reason many computer users find it difficult and frustrating to use security tools:

  • Personal computing occurs across disparate physical devices and temporal spaces, with the result that users may be confronted with multiple and different security mechanisms in the course of completing even simple tasks
  • Security mechanisms are developed to different security requirements (e.g. encryption, antivirus, secure online browsing), with the result that users are required to interact only infrequently with certain interface elements of security software, or may not understand the source and function of certain interactions within the software (e.g. pop-up warnings)
  • Security mechanisms are frequently marketed as comprehensive suites, and include modules and features that users rarely need. Nonetheless, these features contribute to the complexity of the software
  • The ability to enhance the usability of commercial security software in the present context is constrained by these and other factors

A protocol to individually curate information security solutions may be the most effective, and only feasible, method to bridge the gap between even well-designed security tools and their accessibility to non-expert users.

The aim of this study is to evaluate the effectiveness of an intensely user-centered approach to usable security that focuses on the individual user's computer skills, motivation, and security awareness, and on security threats specific to the user's computing requirements and environment. The design approach employs a series of assessments and technical adaptations to align a subset of minimally indicated security best practices and security software interactions with the user's mental model of security risk, threat and remediation factors.