Almut Herzog, Nahid Shahmehri:
User Help Techniques for Usable Security.

In: Proceedings of
1st Symposium on Computer Human Interaction for Management of Information Technology (CHIMIT 07), Cambridge, MA, USA (30th - 31st March 2007), Organization: ACM, March 2007
© ACM Press

There are a number of security-critical applications such as personal firewalls, web browsers and e-mail clients, whose users have little or no security knowledge and are easily confused, even frustrated by menus, messages or dialog boxes that deal with security issues. While there are evaluations of existing applications and proposals for new approaches or design guidelines for usable security applications, little effort has been invested in determining how applications can help users in security decisions and security tasks. The purpose of this work is to analyse conventional and security-specific user help techniques with regard to their usefulness in supporting lay users in security applications. We analyse the following help techniques: online documentation, context-sensitive help, wizards, assistants, safe staging and social navigation, and complement these with the tempting alternative of built-in, hidden security. Criteria for the analysis are derived from the type of user questions that can arise in applications and from definitions of when a security application can be called usable. Designers of security applications can use our analysis as general recommendations for when and how to use and combine user help techniques in security applications, but they can also use the analysis as a template. They can instantiate the template for their specific application to arrive at a concrete analysis of which user help techniques are most suitable in their specific case.



	author = {Almut Herzog and Nahid Shahmehri},
	title = {User Help Techniques for Usable Security},
	booktitle = {Proceedings of 1st Symposium on Computer Human Interaction for Management of Information Technology, Cambridge, MA, USA (30th--31st March 2007)},
	year = {2007},
	organization = {ACM},
	url = {}