Human Factors in Security and Privacy

The Human Factors in Security and Privacy group is led by Yasemin Acar. We study how users interact with security and privacy. While provably secure encryption, strong authentication and access control mechanisms provide high levels of security and privacy, there is a persistent gap in actual security for users. This huge gap between the strong theoretical security offered by security mechanisms and the low actual security in practice can partially be explained by a lack of consideration of human factors when developing these solutions. Our research investigates users’ behaviors, skills, needs, wishes, and limitations with respect to security and privacy, with the aim of better understanding how software can enhance users’ lives without putting their data at risk. For example, we investigate how and why users understand and use (or do not use) secure messaging protocols.

One major focus is research into how developers think and act with respect to secure software development, as vulnerabilities and design decisions introduced at this level affect billions of end users. We aim to understand developers’ education and mindsets, their processes, the tools that they use, and their pitfalls as the foundation for shifting development practices to be more secure.

