What users are looking for in cyber security technology
Research news
One in three Aussies have their personal details exposed in data breaches. While many cyber security applications and devices are currently available to organisations and individuals, actual adoption rates remain troublingly low.
Deakin University’s The Centre for Cyber Resilience and Trust (CREST) researchers say that although users understand the security benefits provided, the perceived usability of these devices is often poor.
‘Usability is a key requirement for adoption,’ says Professor Robin Doss, CREST Director.
How can we balance usability and security? Does more of one always mean less of the other? To probe users’ thoughts about cyber security usability, CREST surveyed 400 participants on their thoughts on the usability of physical authentication devices – a key or device used to verify your identity.
Multi-factor authentication increases the security of our accounts. Yet despite the security benefits, many people don’t use them.
‘Adoption rates still hover around 50%, with only a little over half of those users finding it satisfactory,’ says Prof. Doss.
And only one in ten use physical authentication devices, which offer the highest level of security compared to other forms of multi-factor authentication.
‘We found that users had different notions of usable security depending on their age, education and experience. The top three usability features for each group differed by at least one feature,’ Prof. Doss says.
Out of ten usability features, ‘error management’, ‘simplicity’ and ‘info and support’ were very important for almost half the user groups. ‘Perception’ (branding) was considered least important across all groups.
‘Flawed assumptions about user preferences for design may be partially responsible for the low uptake for important security technologies such as physical authentication devices,’ Prof. Doss says.
CREST’s future research will further explore why design feature preferences differ across groups. They will seek to understand how these approaches might be reimagined to better support adoption and proper use.
Ultimately, this will lead to reduced cyber security risks to end users – individuals and organisations alike.
‘Security technology developers and device manufacturers need to adopt a user-centric approach to product design to enhance the usability, accessibility and appeal of their security products,’ Prof. Doss says.
Learn more
What is multi-factor authentication and how should I be using it?
Share this story
Key Fact
The cyber security technology preferences of users vary by age, qualifications and experience. Taking a user-centric design approach could increase the adoption of new technologies.