Machine identities
Published in Abbas Moallem, Human-Computer Interaction and Cybersecurity Handbook, 2018
Another common application of encryption is to protect e-mail communications. While the advent of text messaging and social networks has given users other options, e-mail remains the most commonly used means of communication for business and personal use. Many sensitive data are typically accessible in users’ e-mail communications, which makes e-mail providers a prime target for malicious actors. While the data themselves are stored and transmitted securely between e-mail senders and recipients, it is possible to intercept this traffic while it is in transit, and this is where encryption comes in handy to provide an additional layer of security. Essentially, e-mail traffic is protected such that even if the communication channel (sometimes referred to as a tunnel) is compromised, only the recipient(s) have the capability to read the actual contents of the e-mail. While e-mail encryption is essentially a user-specific task and as such is challenging to roll out to individuals (training users to implement e-mail encryption is an onerous process, especially for nontechnical users), organizations have frequently deployed encryption at the enterprise gateway in an attempt to minimize the risk of compromise when data are in transit between the sender and the recipient.
A quarter century of usable security and privacy research: transparency, tailorability, and the road ahead
Published in Behaviour & Information Technology, 2022
Christian Reuter, Luigi Lo Iacono, Alexander Benlian
From this initial and still very narrowly focussed research, the field of usable security and privacy has evolved over the last decade to encompass broader topics, and also the variety of stakeholders has increased in recent years. For example, researchers have begun to address security and privacy issues of employees (Nicholson, Coventry, and Briggs 2018; Tolsdorf, Reinhardt, and Iacono 2022; Tolsdorf et al. 2021), sex workers (McDonald et al. 2021), people with disabilities (Hayes et al. 2019; Marne, Nasrullah, and Wright 2017; Napoli et al. 2021), refugees (Steinbrink et al. 2021), youth (Brodsky et al. 2021; Cranor et al. 2014; Lastdrager et al. 2017), and seniors (Frik et al. 2019). Topics that have recently been focussed on in academia still include passwords and passwordless authentication with all conceivable approaches, devices, and contexts of use (Farke et al. 2020; Gerlitz, Häring, and Smith 2021; Golla et al. 2021; Kunke et al. 2021; Lassak et al. 2021; Lyastani et al. 2020; Owens et al. 2021; Tan et al. 2020; Ulqinaku et al. 2021; Wiefling, Dürmuth, and Iacono 2020; Wiefling et al. 2020). In the last years, usable security and privacy research also started to include developers and software engineers as a target user group (Gorski et al. 2021; Naiakshina et al. 2019; Plöger, Meier, and Smith 2021; Roth et al. 2021; Tahaei, Vaniea, and Saphra 2020). This was due to the fact that many security incidents in practice result from insecure code (Green and Smith 2016). Therefore, providing usable development support and tools is considered in research as a solution to achieve more secure code. This branch of research is also known as Developer-Centered Security (DCS). Furthermore, research has also focussed on email security. After numerous works on usable email encryption (Ruoti and Seamons 2019), phishing is back in the spotlight (Althobaiti, Meng, and Vaniea 2021; Hasegawa et al. 2021; Wash, Nthala, and Rader 2021), as it has become a serious threat in the era of working from home during the COVID-19 pandemic. For other technological developments that the COVID-19 pandemic has accelerated, such as remote communication or digital vaccination certificates, attitudes and preferences are also being explored (Emami-Naeini et al. 2021; Kowalewski et al. 2022). In addition, research continues to explore users' overall understanding, attitudes, and needs toward information technologies. Be it mental models about the IoT (Zheng et al. 2018; Zimmermann et al. 2018), encryption mechanisms (Krombholz et al. 2019; Wu and Zappala 2018), the internet (Brodsky et al. 2021; Kang et al. 2015), or conceptualisations of privacy in an information society (Oates et al. 2018; Tolsdorf et al. 2021).