Computer Science Department
School of Computer Science, Carnegie Mellon University
Usability of Security: A Case Study
Alma Whitten, J.D. Tygar
In order to gain insight and better define this problem, we studied the usability of PGP 5.0, which is a public key encryption program mainly intended for email privacy and authentication. We chose PGP 5.0 because it has a good user interface by conventional standards, and we wanted to discover whether that was sufficient to enable non-programmers who know little about security to actually use it effectively. After performing both user testing and a cognitive walkthrough analysis, we conclude that PGP 5.0 is not sufficiently usable to provide effective security for most users.
In the course of our study, we developed general principles for evaluating the usability of computer security utilities and systems. This study is of interest not only because of the conclusions that we reach, but also because it can serve as an example of how to evaluate the usability of computer security software.