- From: Dan Schutzer <dan.schutzer@fstc.org>
- Date: Fri, 26 Jan 2007 08:22:28 -0500
- To: "'Close, Tyler J.'" <tyler.close@hp.com>, <public-wsc-wg@w3.org>
- Message-ID: <011101c7414d$07f08940$6500a8c0@dschutzer>
I agree that the assumption that there are different categories of users who have different needs for the presentation of security information (with the exception of people with disabilities) is an assumption that needs to be tested.

-----Original Message-----
From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On Behalf Of Close, Tyler J.
Sent: Thursday, January 25, 2007 6:48 PM
To: public-wsc-wg@w3.org
Subject: Do user personas make sense for usable security?

Hi all,

The wiki page at: http://www.w3.org/2006/WSC/wiki/NoteUserTestVerification , as well as much discussion on this mailing list, has assumed there are different categories of users and that users in each of these categories have different needs for the presentation of security information. I am wondering if that's actually true.

Usable security is different from general usability in that security is not the user's primary goal. The user has a separate task that is their primary goal and is consuming almost all of their attention and effort. I am thinking that differences in user behaviour are much more likely for primary goals than for peripheral goals. I suspect that an expert user working intently behaves much the same as a novice user, when one only looks at actions that are peripheral to the primary goal. This suspicion seems to be substantiated by the results of the "Why Phishing Works?" user study, which found no correlations between the background of their test subjects and their performance on phishing tests.

Barring evidence to the contrary, I think this WG should not attempt to categorize users, or differentiate the presentation of security information for these hypothetical categories.

Tyler

Received on Friday, 26 January 2007 13:22:55 UTC