Usable security: a (re)definition and a research agenda / Di Nocera, Francesco. - In: THEORETICAL ISSUES IN ERGONOMICS SCIENCE. - ISSN 1464-536X. - (2025). [10.1080/1463922X.2025.2597035]
Usable security: a (re)definition and a research agenda
Francesco Di Nocera
2025
Abstract
Over the past decade, the term usable security has been widely used to describe measures that are both effective and easy for users to understand and operate. However, the scientific literature has so far been disappointing: the concept is often applied loosely, focusing on interface-centered usability (mainly through system comparisons) rather than on behaviourally grounded, design-driven improvements. This article argues that usability principles are not inherently related to security. Instead, building a meaningful body of knowledge in usable security requires understanding why users circumvent protective measures and identifying behavioural design strategies that prevent such circumvention while promoting secure habits. From this perspective, user behaviour becomes the central concern, surpassing interface usability itself. To support this shift, the article proposes a reinterpretation of usability principles through the lens of behaviour analysis, focusing on reinforcement processes, habit formation, and measurable behaviour change. The article includes a brief narrative review of the available nudging interventions in cybersecurity (a line of research explicitly aligned with this behavioural approach) highlighting key findings and current limitations. The article concludes by outlining a research agenda grounded in behaviour analysis, aimed at guiding the design of security systems that shape, maintain, and evaluate effective user behaviour over time.

| File | Size | Format | |
|---|---|---|---|
| Di Nocera_Usable-security_2025.pdf (archive managers only). Type: publisher's version (published with the publisher's layout). Licence: All rights reserved | 1.21 MB | Adobe PDF | Contact the author |
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.


