25
edits
IFD:Nutzerstudien WiSe1314/Sicherheit endpresentation (security) (view source)
Revision as of 20:15, 14 March 2014
, 14 March 2014no edit summary
No edit summary |
No edit summary |
||
| Line 235: | Line 235: | ||
We tested it and our testperson went through it without problems. | We tested it and our testperson went through it without problems. | ||
<span style="color:#ee9966">This is a good balance of familiar interface experience and quick to use regularly. Its not as flashy as the swipe, but seems like it would not get too annoying if you saw it regularly.</span> | |||
===Prototype 2e)=== | ===Prototype 2e)=== | ||
| Line 244: | Line 247: | ||
[[File:nust_security_prototype_automatic.png | 400px]] | [[File:nust_security_prototype_automatic.png | 400px]] | ||
<span style="color:#ee9966">You are right, starting the secure session is too complicated. The on/off switch would be a nice representation, but because of technical constraints, I don't think it would be workable. We tried it and it was confusing people. The problem is the on/off widget cannot represent anything but on or off, and it takes a while for the OTR session to start. So that leaves the on/off switch in a confusing state while OTR is starting. OTR is neither on nor off. We still don't have a great answer for this problem, but it seems that a button with an icon that changes is the best bet. Then we can represent multiple states.</span> | |||
<span style="color:#ee9966">Starting OTR automatically all the time would also make things easier, but that also has technical limitations. OTR works by sending text messages, and if someone is using a program that does not include OTR, they'll see those odd OTR messages. Its not a huge problem, but it does freak some people out.</span> | |||
==Presentation== | ==Presentation== | ||
| Line 252: | Line 262: | ||
My topic had been ''security and usability of passwords''. It was really interesting to inform myself about that. The gap between easy understanding (usability) and security of password-protected websites was one theme. In my presentantion I explained that system builder to think out of the perspective of the user. <br> | My topic had been ''security and usability of passwords''. It was really interesting to inform myself about that. The gap between easy understanding (usability) and security of password-protected websites was one theme. In my presentantion I explained that system builder to think out of the perspective of the user. <br> | ||
However, what I liked the most in my research had been the studies about what passwords other people choose and how they choose them. I was quite surprised about how easy people's passwords can be encrypted and that hacker go social ways more than mathematical ones to crack them. | However, what I liked the most in my research had been the studies about what passwords other people choose and how they choose them. I was quite surprised about how easy people's passwords can be encrypted and that hacker go social ways more than mathematical ones to crack them. | ||
<span style="color:#ee9966">Its always surprising, but still, "social engineering" is still the main way people break into computer systems. Edward Snowden used a lot of social engineering techniques to get access to many of the documents that he leaked.</span> | |||
'''Student 2:''' | '''Student 2:''' | ||
My presentation was about prototyping. It was interesting, how many types of prototypes are existing. There are many ways to test new ideas. You have to choose, which type of prototyp is the best for your product. | My presentation was about prototyping. It was interesting, how many types of prototypes are existing. There are many ways to test new ideas. You have to choose, which type of prototyp is the best for your product. | ||
<span style="color:#ee9966">I find that rapid prototyping is essential to the process of making good user experiences. For most people, the design process works best when there are many iterations on the idea, so making more iterations as fast as possible means more ideas get explored.</span> | |||
'''Student 3:''' | '''Student 3:''' | ||
My talk was about designing interfaces for secure or security based systems. The main statement of these paper was, that the most of the classical rules of design does not meet the requirements of such an interface. The authors based their thesis upon user tests with the e-mail encryption tool pgp. It was also interesting to read how a test should be organised and which aspects of the test subjects should be kept in mind. All in all it was a very interesting topic for me and i could recommend this paper to everyone. | My talk was about designing interfaces for secure or security based systems. The main statement of these paper was, that the most of the classical rules of design does not meet the requirements of such an interface. The authors based their thesis upon user tests with the e-mail encryption tool pgp. It was also interesting to read how a test should be organised and which aspects of the test subjects should be kept in mind. All in all it was a very interesting topic for me and i could recommend this paper to everyone. | ||
<span style="color:#ee9966">Representing technical limitations to the user in a simple way will always be challenging. User testing has demonstrated itself to be a great method for finding out how well ideas and designs map to real experience.</span> | |||
==What we learned / conclusions:== | ==What we learned / conclusions:== | ||
| Line 265: | Line 284: | ||
<span style="color:#598193">Ich habe mich sehr gefreut, eure Dokumentation zu lesen. Leider endet sie etwas abrupt. Es würde bei mir als Leser und vermutlich auch unseren Mentoren einen sehr guten letzten Eindruck hinterlassen, wenn hier noch eine Zusammenfassung der wichtigsten Erkenntnisse und Vorschläge zu lesen wäre; Sinnigerweise mit einer Übersicht in Bild- oder Grafikform (siehe Mail) </span> | <span style="color:#598193">Ich habe mich sehr gefreut, eure Dokumentation zu lesen. Leider endet sie etwas abrupt. Es würde bei mir als Leser und vermutlich auch unseren Mentoren einen sehr guten letzten Eindruck hinterlassen, wenn hier noch eine Zusammenfassung der wichtigsten Erkenntnisse und Vorschläge zu lesen wäre; Sinnigerweise mit einer Übersicht in Bild- oder Grafikform (siehe Mail) </span> | ||
<span style="color:#ee9966">I also want to see more. I think you had a lot of good design ideas, but there was not a lot of information outside that to back up the designs.</span> | |||
| Line 270: | Line 291: | ||
For our prototypes, we concentrated to improve the interface. As shown in the prototypes before, we: | For our prototypes, we concentrated to improve the interface. As shown in the prototypes before, we: | ||
*in prototype a) added colors to button and bar | *in prototype a) added colors to button and bar | ||
*in b) inform the user, if the message is | *in b) inform the user, if the message is insecure, through an exclamation mark and a slide-system | ||
*in c) inform the user, if the message is | *in c) inform the user, if the message is insecure, through a pop-up | ||
*in d) changed the words "OTR" to "secure messaging", because users don't know what OTR meant and added a pop-up to inform the user what to do after sending a message fails three times in a row | *in d) changed the words "OTR" to "secure messaging", because users don't know what OTR meant and added a pop-up to inform the user what to do after sending a message fails three times in a row | ||
*in e) added the functions that secure messaging starts automatically. | *in e) added the functions that secure messaging starts automatically. | ||