COMP 150-04 Human Factors in Security and Privacy

Does requiring users to change their passwords regularly make them more secure? In theory it should. If passwords are changed regularly, then a stolen credential is only good until the next update. Unfortunately, in practice, users struggle to come up with and remember complex passwords. This leads users to settle for weaker passwords when they know regular updates are required. Further, password updates are generally derivative of the earlier password. This makes them easy to remember, but voids the security benefits of password updates. This is just one example of the need to consider human factors when making security and privacy design decisions. This course is designed as an introduction to a variety of human-interaction problems for security and privacy. The course will cover topics from password management and access control to challenges in online privacy and secure software development. Students will be given an overview and be introduced to relevant literature for each topic.

This course will also give students practical experience designing studies to evaluate security and privacy usability issues in system design. Students will be introduced to a variety of methods common in human factors research (e.g., interviews, surveys, diary studies). Throughout the course, students will be expected to complete a group project, piloting a small study.