CWE Individual Dictionary Definition (1.1)

CWE-655: Design Principle Violation: Failure to Satisfy Psychological Acceptability

Status: Draft
Weakness ID: 655 (Weakness Base)
Description
Summary

A security mechanism is too difficult or inconvenient to use, encouraging non-malicious users to disable or bypass the mechanism, whether by accident or on purpose.

Weakness Ordinalities
Primary (where the weakness exists independent of other weaknesses)
Causal Nature
Implicit
Common Consequences
Integrity

By bypassing the security mechanism, a user might leave the system in a less secure state than intended by the administrator, making it more susceptible to compromise.

Potential Mitigations

Where possible, perform human factors and usability studies to identify where your product's security mechanisms are difficult to use, and why.

Make the security mechanism as seamless as possible, while also providing the user with sufficient details when a security decision produces unexpected results.

Demonstrative Examples
Example 1:

In "Usability of Security: A Case Study" (see References), the authors consider human factors in a cryptography product. Among the findings of this case study that are relevant to this weakness: users accidentally leaked sensitive information, could not figure out how to perform some tasks, thought they were enabling a security option when they were not, and made improper trust decisions.

Example 2:

Requiring complex, difficult-to-remember passwords that must be changed frequently in order to access trivial resources, e.g., to use a black-and-white printer. Complex password requirements can also lead users to store their passwords in an unsafe manner so that they do not have to remember them, such as writing them on a sticky note or saving them in an unencrypted file.

Example 3:

Some CAPTCHA utilities produce images that are too difficult for a human to read, causing user frustration.

Other Notes

This weakness covers many security measures that cause user inconvenience, require effort, or cause frustration that is disproportionate to the risks or to the value of the protected assets, or that are perceived to be ineffective.

References
Jerome H. Saltzer and Michael D. Schroeder. "The Protection of Information in Computer Systems". Proceedings of the IEEE, vol. 63. September 1975. <http://web.mit.edu/Saltzer/www/publications/protection/>.
Sean Barnum and Michael Gegick. "Psychological Acceptability". 2005-09-15. <https://buildsecurityin.us-cert.gov/daisy/bsi/articles/knowledge/principles/354.html>.
J. D. Tygar and Alma Whitten. "Usability of Security: A Case Study". SCS Technical Report Collection, CMU-CS-98-155. 1998-12-15. <http://reports-archive.adm.cs.cmu.edu/anon/1998/CMU-CS-98-155.pdf>.
Relationships
Nature   Type            ID   Name                                    View(s) this relationship pertains to
ChildOf  Weakness Class  657  Violation of Secure Design Principles   Development Concepts (primary) (699); Research Concepts (primary) (1000)
ChildOf  Weakness Class  693  Protection Mechanism Failure            Research Concepts (1000)
ChildOf  Category        254  Security Features                       Development Concepts (699)
Applicable Platforms
Languages
All
Time of Introduction
* Architecture and Design
* Implementation
* Operation
Content History
Submissions
Pascal Meunier. Purdue University. 2008-01-18. (External Submission)
Modifications
Eric Dalci. Cigital. 2008-07-01. (External)
updated Time_of_Introduction
CWE Content Team. MITRE. 2008-09-08. (Internal)
updated Common_Consequences, Relationships, Other_Notes, Weakness_Ordinalities
Page Last Updated: November 24, 2008