1 Department of Computer Science, Faculty of Science, Aarhus University, Aarhus University2 Department of Computer Science, Science and Technology, Aarhus University3 Department of Computer Science, Science and Technology, Aarhus University
While the domain of security dependent technologies brings new challenges to HCI research it seems that the results and breakthroughs of HCI have not been used in design of security dependent technologies. With exceptions, work in the research field of usable security may be criticized for focusing mainly on adjusting user behavior to behave securely. With our background in newer HCI perspectives we address secure interaction from the perspective of security technology as experience. We analyze a number of collected user stories to understand what happens when everyday users encounter security dependent technologies. We apply McCarthy & Wright's  experience framework to the security domain and our collected stories. We point out that there are significant differences between being secure and having a secure experience, and conclude that classical usable security, focus on people's immediate security experience, and the full focus on experience proposed by McCarthy & Wright lead to three very different interaction concerns, analytically and as regards design. We illustrate these differences by examples, and conclude with a discussion of how to advance the field of usable security.
Acm International Conference Proceeding Series: Proceedings of the 5th Nordic Conference on Human-computer Interaction: Building Bridges, 2008, p. 283-290
experience; human-computer interaction; usability; usable security; user experience; user story collection; user testing