Lecture: Usable Security and Privacy


  • Responsible: Prof. Dr. Matthew Smith
  • Start: 27.04.2021
  • Dates: Tue. 12-14 AM + Fri. 10-12 AM, weekly, online
  • Course number:



  • Term: Bachelor Computer Science, Bachelor Cyber Security
  • Requirements:
  • Faculty: BA-INF 145
  • Effort: 4L+2E / 9 CP


The first lecture will take place on 27th of April from 12:15 until 13:45.

Many aspects of information security combine technical and human factors. If a highly secure system is unusable, users will try to circumvent the system or move entirely to less secure but more usable systems. Problems with usability are a major contributor to many high-profile security failures today.

However, usable security is not well-aligned with traditional usability for three reasons. First, security is rarely the desired goal of the individual. In fact, security is usually orthogonal and often in opposition to the actual goal. Second, security information is about risk and threats. Such communication is often unwelcome. Increasing unwelcome interaction is not a goal of usable design. Third, since individuals must trust their machines to implement their desired tasks, risk communication itself may undermine the value of the networked interaction. For the individual, discrete technical problems are all understood under the rubric of online security (e.g., privacy from third parties use of personally identifiable information, malware). A broader conception of both security and usability is therefore needed for usable security.

The lecture on Usable Security and Privacy deals with many aspects of human factors and usability in the context of security and privacy. The lecture includes both the foundations of usable security and privacy as well as a selection of cutting edge international research in this area. Topics include:

  • Evaluation of usability issues of existing security & privacy models or technology

  • Design and evaluation of new usable security & privacy technology

  • Impact of organizational policy on security and privacy interaction

  • Lessons learned from designing, deploying, managing or evaluating security & privacy technologies

  • Foundations of usable security & privacy

  • Methodology for usable security & privacy research

  • Ethical, psychological, sociological and economic aspects of security & privacy technologies