Making security usable: Are things improving?

Given the increased focus on the need for usable security, it is now to be hoped that the issue will receive greater attention in new software releases. Unfortunately, however, there is still evidence to suggest that usable security receives insufficient consideration when the related features are presented in the context of larger applications. As an illustration of this claim, the paper examines how the security-related features have evolved within new releases of Internet Explorer and Word, and identifies that although there have been some improvements when compared to earlier versions, there are also aspects that will represent new or ongoing problems for users. Examples of such problems are highlighted in a number of security-related interfaces from both applications, with the use of technical terminology and/or a lack of accompanying help being amongst the frequent concerns. Nielsen's usability heuristics are then used as the basis for a summary-level evaluation, to illustrate how the identified issues also contravene good practice in user interface design. (c) 2007 Elsevier Ltd. All rights reserved.