Is an 8-character password more secure than a 4-character one? Is a 16-character password even more secure? What about a 32-character password? Or a 64-character one? What does your model of security say? Does it say that the longer the password, the more secure it is, or the longer the password, the less secure it is, because people will write it down and get more cynical about your stupid, inconvenient rules? Is it safer to make people switch to a new password every year, every quarter, every week, every hour, or every minute?
You can build a fabulous system with dozens of options, but if people don't find it useful, usable, and acceptable, then it won't get used. If you force them, people will subvert it. Trust is a critical element in adoption, continuing use, and, indeed, committed use. Poor design and a failure to look at the issues from the perspective of end users and different stakeholders can lead to costly failures. This talk will explore how usability analysis, computer-supported cooperative work, and sociotechnical systems engineering can inform the design of resources that have elements of security and privacy.
Michael Twidale is a professor in the Graduate School of Library and Information Science at the University of Illinois at Urbana-Champaign. His research interests include computer-supported cooperative work, computer-supported collaborative learning, human-computer interaction, sociotechnical systems engineering, and museum informatics. Current projects include studies of informal social learning of technology, technological appropriation, metrics for open access, collaborative information retrieval, agile methods, ubiquitous learning, and the usability of open-source software. His approach involves the use of interdisciplinary techniques to develop high-speed, low-cost methods to better understand the difficulties people have with existing computer applications and so to design more effective systems.