Lessons from usable security

Sometimes, the biggest cybersecurity threat isn’t a hacker, it’s a confusing dropdown menu.
On January 13, 2018, Hawaii residents received a chilling alert:
“BALLISTIC MISSILE THREAT INBOUND TO HAWAII. SEEK IMMEDIATE SHELTER. THIS IS NOT A DRILL.”

Not cybercriminals, but a poorly designed emergency alert system where real threats and drills were mixed together in the same dropdown menu had sent Hawaii into chaos for 38 minutes. This is the perfect (if terrifying) example of why usable security matters. As Jakob Nielsen put it:
Usefulness = Utility + Usability. As part of our teaching efforts, we therefore focus also on the trade-offs and human factors.

A system that works in theory but confuses users in practice is a system waiting to fail. Research shows that even small improvements like clearer documentation, can make a world of difference in user understanding and satisfaction. And while fingerprint authentication feels secure and easy, perceptions can shift quickly when users see how easily it can be spoofed. 🖐️🔍The old joke says the real problem is “the nut at the keyboard.” 🥜

But let’s be honest: it’s time to stop blaming users and start fixing interfaces. Security is only as strong as the human experience around it. That’s why at ProCyD, we’re committed to making cybersecurity education about people, not just protocols.💡

Based on the slides of Prof. Vashek Matyas
Scroll to Top