Human–computer interaction (security)
HCISec is the study of interaction between humans and computers, or human–computer interaction, specifically as it pertains to information security. Its aim, in plain terms, is to improve the usability of security features in end user applications.
Unlike HCI, which has roots in the early days of Xerox PARC during the 1970s, HCISec is a nascent field of study by comparison. Interest in this topic tracks with that of Internet security, which has become an area of broad public concern only in very recent years.
When security features exhibit poor usability, the following are common reasons:
- they were added in casual afterthought
- they were hastily patched in to address newly discovered security bugs
- they address very complex use cases without the benefit of a software wizard
- their interface designers lacked understanding of related security concepts
- their interface designers were not usability experts (often meaning they were the application developers themselves)
- "Design Principles and Patterns for Computer Systems That Are Simultaneously Secure and Usable", by Simson Garfinkel
- "User Interaction Design for Secure Systems" by Ka-Ping Yee