Designing an Evaluation Method for Security User Interfaces

Ten or 20 years ago, evaluating security products was not as much of a problem as it is today. Systems were managed by people able—and willing—to master the complexities. However, with the proliferation of personal computing devices and network connectivity in the home, systems are now regularly managed by nonexperts. Each system needs to be secured by each user in each home.

Therefore designing effective, unbiased evaluation methods for consumer products is one of the first steps in improving both users’ experiences and their security practices.

Evaluating the usability of security is a challenge. A common question evaluators face is: “How do I test whether users will configure and use a product securely?”
In this article, we outline problems we encountered in evaluating secure wireless network configuration and examine the assumptions many user study methods make, but which may not hold for security