navigation, motivated security, tangible security, proportional security, and feeling secure (see sidebar).

A workshop lasted three hours. A designer introduced the IT-security domain, the six discussion themes, and examples of possibilities, and challenged the participants' underlying assumptions. The themes were handed to the participants and the design task was introduced. The participants worked in groups of three or four. At the end, each group presented their work to the rest.

Potential: It took a fair amount of work to actively use the themes in the group discussions, whereas the design exercises as such prompted the participants to think about usable security. Participants may need a better introduction to the discussion themes to help with discussion and inspiration.
Making Security Tangible Through Acting Out Security

Purpose: To supplement the user stories and workshops and support participants in acting out security in everyday situations in a real context, we prototyped a mobile phone identification and a point-of-sales application for a cafe.

Example: Normally, guests pay at a cafe using cash or credit cards. By installing our application on their mobile phones, they were able to use their mobile phones and mobile digital identity. In this case, users' prior experiences included some of these forms of payment, as well as their cellphone security practices. The enactment took place during normal opening hours at the cafe, when other customers were present. A tablet PC worked as point-of-sales software in parallel with the cafe's normal cash register. The application made it possible to pay for beverages and snacks using a cellphone to sign for a purchase, either on the participants' own cellphones or on a borrowed one. All participants made several transactions during the three-hour session.

The participants were prompted to sign for payment of the beverages and snacks they ordered. In this they made use of a combination of their experiences with other payment forms, other cafe visits, and their experiences with previous transactions in the enactment. We even got access to quite advanced security behavior through only a few hours of transactions, as illustrated by the following story. A friend of one of the participants came into the cafe. The participant offered her friend a cup of coffee and lent her phone to her friend. She whispered the PIN code in her ear and the friend ordered a cup of coffee. The bartender served the coffee, selected coffee on the tablet PC, and asked the "new participant" to sign without further comment, which she did. From the debriefing we understood that the participants and their friends sometimes borrowed credit cards and PIN codes from each other, even though banks do not approve of this practice. This behavior clearly inspired the phone signing observed in acting out security. The practice contradicted the designers' assumptions and had strong implications for continued design.

Potential: The devil is in the details when it comes to understanding people's IT-security practices as they unfold. This kind of detailed enactment takes a significant effort to set up, at the same time as it makes it possible to get beyond immediate assumptions.

We hope we have provided some ideas about how to design for usable security without falling into the trap of better generic modeling. We invite readers to peruse the referenced articles and explore the methods themselves.

The work presented here is based on Niels Mathiasen's Ph.D. thesis and the three referenced papers by the authors.
1. Landau, S. Privacy and Security. A multidimensional problem. CACM 51, 11 (2008), 25-26.
2. Lampson, B. Privacy and Security. Usable security: How to get it. CACM 52, 11 (2009), 25-27.
3. Norman, D. The Way I See It. When security gets in the way. interactions 16, 6 (2009), 60-63.
4. McCarthy, J. and Wright, P. Technology as Experience. MIT Press, Cambridge, MA, 2004.
5. Braz, C., Seffah, A., and M'Raihi, D. Designing a trade-off between usability and security: A metrics-based model. In INTERACT 2007, LNCS 4663, Part II, C. Baranauskas et al., eds. 2007, 114-126.
6. Mathiasen, N. and Bødker, S. Threats or threads: From usable security to secure experience? Proc. NordiCHI 2008, 283-290.
7. Mathiasen, N. and Bødker, S. Experiencing security in interaction design. Proc. CHI 2011.
8. Mathiasen, N., Bødker, S., and Petersen, M.G. While working around security. Proc. 3rd International Conference on Human Computer Interaction, IndiaCHI 2011.
9. Halskov, K. and Dalsgaard, P. The emergence of ideas: The interplay between sources of inspiration and emerging design concepts. CoDesign: International Journal of CoCreation in Design and the Arts 3, 4 (2007), 185-211.
ABOUT THE AUTHORS

Susanne Bødker is a professor of human-computer interaction in the Department of Computer Science, Aarhus University. She is known for her work on computer-mediated human activity.

Niels Raabjerg Mathiasen is a software developer and consultant at Trifork designing and developing IT solutions. He specializes in design of IT-security-sensitive artifacts and user involvement. Recently, he defended his Ph.D. on the topic of HCI and security in the Department of Computer Science,

Marianne Graves Petersen is an associate professor of human-computer interaction in the Department of Computer Science, Aarhus University. She conducts research into interaction design for pervasive computing.
September + October 2012
© 2012 ACM 1072-5520/12/09 $15.00