The challenges of understanding and using security: A survey of end-users

Many applications contain security features that are available for end-users to select and configure, as well as the potential to place users in situations where they must take security-related decisions. However, the manner in which these aspects are implemented and presented can often serve to complicate the process, such that users cannot actually use the security that they desire, or which may be expected of them. This paper presents the results of a survey of over 340 end-users in order to determine their understanding of the security features within Windows XP and three popular applications (Internet Explorer, Outlook Express, and Word). The study reveals some significant areas of difficulty, with many standard security features presenting apparent usability challenges for large proportions of the respondents. The results highlight the need for a more considered approach towards the presentation of security functionality if users are to have a realistic chance of protecting themselves. (C) 2005 Elsevier Ltd. All rights reserved.