One of the key challenges in the development of secure software is the tradeoff between usability and security. Often, many of the rigorous requirements of a strong cryptographic implementation appear to be at odds with consumer requirements and desires. Non-technical users typically desire a straightforward user interface which does not require them to learn any special skills to use the application, yet also expect the application to offer them adequate protection . There is, however, very little that an average user can do to ensure the security of the underlying technical implementation of security software they run, presenting a major challenge for users left unable to conveniently verify that the software works as expected. The intersection of the technical requirements for cryptography, and consumers’ desires for usability, introduces a number of opportunities for security weaknesses to emerge within the design of security software. A desire for convenience has been widely recognised as resulting in poor security practices, such as in the selection of passwords , of particular concern where user passwords are used for the generation of encryption keys for data.
|Title of host publication||Cybersecurity and Privacy - Bridging the Gap|
|Editors||Khajuria Samant , Lene Sørensen, Knud Erik Skouby|
|Place of Publication||Aalborg|
|Number of pages||25|
|Publication status||Published - 31 Mar 2017|
- cryptographic software
- user interface
Paul, G., & Irvine, J. (2017). An introduction to security challenges in user-facing cryptographic software. In K. Samant , L. Sørensen, & K. E. Skouby (Eds.), Cybersecurity and Privacy - Bridging the Gap (pp. 15-39). Aalborg.