Look Beyond the “Fundamental Conflict”

March 12, 2005 by Ping

What better way to initiate a usability blog than by picking a bone with a prominent figure like Jakob Nielsen?

In one of his Alertbox columns, Nielsen opens the discussion by outlining a “fundamental conflict” between usability and security.  He writes:

Usability advocates favor making it easy to use a system, ideally requiring no special access procedures at all, whereas security people favor making it hard to access a system, at least for unauthorized users.

That particular column is now more than four years old, but similar comparisons of the goals of usability and security have been made so often that the conflict has come to be accepted as traditional wisdom.  I’m going to argue that it’s time to set aside this assumption.

Nielsen’s juxtaposition needs some refinement.  Here’s the way I like to see it:

  • Usability is about making it easier to get desirable results.
  • Security is about making it harder to get undesirable results.

When you see it this way, they don’t have to be in conflict.  This perspective also reveals the reason that usability and security come into conflict: they conflict when you can’t tell the difference between desirable and undesirable results.

The reason Nielsen runs into a fundamental conflict is that he has chosen login authentication as the subject of his analysis.  In that particular subdomain, the conflict is real.  The purpose of passwords is to separate authorized users from unauthorized users.  There is no a priori knowledge of whether the person entering the password should be allowed to enter.

But there’s a lot more to security than passwords.  In fact, today’s biggest security problems—viruses, spam, phishing, spyware—have nothing to do with somebody guessing a poorly chosen password.  They have to do with errors in identification or errors in granting too much power to untrustworthy parties.

So, don’t be too quick to carry over the assumptions from authentication to other security problems.  Security requires carrying out the user’s intentions correctly, and in order to be usable, a system can’t be breaking down all the time.

Let’s avoid the characterization of “usability people” and “security people” as entrenched in opposing camps.  Much of the time, we’re all trying to achieve the same goal: to make sure the right things happen, effortlessly.  To achieve that, we need to listen to each other.

Check out: http://www.andrewpatrick.ca/CHI2003/HCISEC/hcisec-workshop-yee.pdf

Ka-Ping Yee has done some great work, that provide guidelines for aligning security and usability. He in considering capability systems in particular but the guidelines are general: http://www.sims.berkeley.edu/~ping/sid/


I just noticed that you link to Ka on your frontage… So you odiously already knew his work…


That’s me. I’m Ka-Ping and i wrote this blog entry. Thanks for the kind compliment!

I hope you stick around and chime in with your thoughts. There will be a lot to talk about, and we’re just getting started.


[...] usable security, which promises to be an interesting read. Their perspective from looking beyond the "fundamental conflict" more or less summarizes the whole issue: [...]

Jeremy Dunck wrote:

Small world, Julien. (Ping, Julien is involved in Greasemonkey. Julien, I just met Ping at SxSW).

Welcome to blogging, Ping. ;)


Well said. The job of the software architect, as I see it, is to harmonize the “ilities”. This means find force multipliers among what are treated as the various specialty concerns like security and usability. There is a lot of shared ground and values between security and usability, not the least of which is a shared goal of simplicity. The software architect should focus on the areas where the disciplines agree, and making a business case that shows the combined impact of improved risk management (security) and user experience (usability).


I agree that login/authentication systems (at least in their current mental-model based format) are a usability challenge. But what are the usability issues unique to other types of security applications (e.g. viruses, spam, etc). I’ve seen very little written about these. Any recommendations?