Less is More Usable: Measuring Security Usability as Energy Efficiency

Resonating with the theme "Blue Ocean Research", this research explores the usability of information systems with concepts typically used to measure the efficiency of a mechanical system. Security is measured not by how often it succeeds, but how often it fails. Usability is frequently in the eye of the beholder, and often measured by objective user response. This creates a challenge to develop reproducible metrics. Security usability presents a more unique problem than ordinary usability. Unlike most functionality in computer interfaces, navigating security is an interruption to the primary objective (Gebauer et al. 2011). If the security is sufficiently disruptive to progress toward the primary objective, a user will either go around the security, or turn it off (Cranor and Garfinkel 2005). Therefore security usability is key to keeping the security in place. Predicting security usability of an interface challenges designers (Sasse et al. 2001). Providing a method to quantify usability of security interfaces takes the guesswork out of security usability design and provides an avenue for communicating the merits of a design. This paper proposes a usability metric that applies the 1st Law of Thermodynamics to the interaction of humans with computer security interfaces.