This course will focus on the human usability factors that affect security. When computers first came into prominence, security problems were mostly thought of as technical ones: vulnerabilities were exploited due to technical errors — software bugs that needed to be patched. However, as is demonstrated over and over again, the vast majority of modern software security issues stem from human factors. For instance, most software vulnerabilities are exploited because humans fail to apply patches in a timely manner; authentication systems that are difficult to use result in humans choosing weaker passwords (or bypassing security measures altogether); humans are tricked into downloading malware or divulging credentials via phishing; and Internet traffic is easily intercepted because humans fail to properly use encryption technologies.
It’s common to think of security as a purely technical endeavor; however, in this course you will learn why some security problems are better addressed by considering human factors. We will cover traditional usability, we’ll learn about common mistakes that arise when usability is ignored, and we’ll learn how to design and evaluate new security and privacy mechanisms with a human-centered approach.