subject

Get started with custom lists to organize and share courses.

Sign up

Profile

Aslam Karachiwala

Aslam Karachiwala

Usable Security

Written 3 years ago
The following is the review I posted on Coursera.

===

This was an extremely elementary and thus disappointing course. While the importance of "Usability" was rightly emphasized, the representation in terms of examples, case studies, etc. was simplistic. I appreciated having my attention drawn to the pitfalls of HCI design and the consequent failure of the corresponding systems. However, the solutions were presented as if: 1.) there are always "correct" interface/usability choices; 2.) the "correct" choice is all that's needed for the system to be optimally functional; and 3.) there is never a tension between usability and effective functioning of a system (that can't be resolved with correcting the usability).

It is irresponsible to suggest, for example, that a user selected memorable password is generally adequately secure without also covering ways that an interface can guide/nudge the user to create a secure password. Wide recognition of the importance of this may be more recent than the studies covered in the course. There is nothing wrong with studying old, seminal research, even in this age of "Internet time," but I wish I wasn't left wondering what, if any, developments had occurred in the decade or so since that research took place.

As for tension between usability and security, it absolutely exists. For instance, PGP encryption is a reliable way to secure information, yet making it usable remains a challenge. This is not even mentioned in the entire course. In fact, this course would leave an otherwise uninformed student believing that there are usability solutions waiting to be applied to every cause of info insecurity if the techies would just look. I wish the course had at least acknowledged that there are cases where a slight compromise on usability might be necessary for the sake of appropriate security.

Lastly, for those designing an HCI for security, it is important to understand threat models. This concept is also missing from the course.

===

I reviewed this course (above) immediately after I finished it. I am now in the 3rd week of Software Security, the 2nd course in the Cybersecurity specialization, and am realizing that 2 stars was a generous assessment. Based on the prerequisites of the Software Security course, the Usable Security course, in its current form, is too elementary to be appropriate for people who have the experience/knowledge required for the rest of the courses in this specialization. As I explained above, the course relies heavily on decade-old research but does not cover any developments since. For instance, the usability issues covered in the studies are for ancient versions of browsers with no discussion of how the browsers and our infosec vulnerabilities have changed since those studies were published. Another example is the instructor's eschewing of password managers while many knowledgeable folks in the infosec community today recommend their use. The usability challenges of password managers and a discussion of how they might be mitigated would have been more appropriate.

My rating
Aslam Karachiwala completed this course, spending 4 hours a week on it and found the course difficulty to be very easy.

Class Central

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free

Never stop learning Never Stop Learning!

Get personalized course recommendations, track subjects and courses with reminders, and more.