Number of co-authors: 14
Number of publications with 3 favourite co-authors: Philip Inglesant: 2; Sven Laqua: 2; Sacha Brostoff: 1
M. Angela Sasse's 3 most productive colleagues in number of publications: Clare-Marie Karat: 35; Ivan Flechais: 6; David Chadwick: 5
M. Angela Sasse
Publications by M. Angela Sasse (bibliography)
Conti, Nicolette, Jennett, Charlene, Maestre, Jose and Sasse, M. Angela (2012): When did my mobile turn into a 'sellphone'?: a study of consumer responses to tailored smartphone ads. In: Proceedings of the HCI12 Conference on People and Computers XXVI 2012. pp. 215-220.
Tailored push advertising on smartphones is a key target for the advertising industry. We conducted a study with 20 professionals 'in the wild': over 5 consecutive days participants received ads tailored to their personal profiles and geographical location on their personal smartphones. Of the 400 ads sent,
© All rights reserved Conti et al. and/or their publisher
Laqua, Sven, Sasse, M. Angela, Greenspan, Steven and Gates, Carrie (2011): Do you know dis?: a user study of a knowledge discovery tool for organizations. In: Proceedings of ACM CHI 2011 Conference on Human Factors in Computing Systems 2011. pp. 2887-2896.
Organisations today have no reliable way of ensuring that all employees are aware of information that may be relevant to their work. In this paper we report on a 2-year project in which we have iteratively designed, developed and tested a knowledge discovery system (KnowDis) for organizations. Early stages of our study revealed that, employees do not know what is available on the corporate intranet, or files and messages they have stored. KnowDis proactively fetches relevant information and displays it in an unobtrusive form; this increases employee awareness without disrupting their tasks. We discuss and characterize knowledge workers' email usage behavior. Our main study with 28 users of KnowDis-enhanced email showed it can improve the user experience and performance on information retrieval tasks for knowledge workers.
© All rights reserved Laqua et al. and/or their publisher
Inglesant, Philip G. and Sasse, M. Angela (2010): The true cost of unusable password policies: password use in the wild. In: Proceedings of ACM CHI 2010 Conference on Human Factors in Computing Systems 2010. pp. 383-392.
HCI research published 10 years ago pointed out that many users cannot cope with the number and complexity of passwords, and resort to insecure workarounds as a consequence. We present a study which re-examined password policies and password practice in the workplace today. 32 staff members in two organisations kept a password diary for 1 week, which produced a sample of 196 passwords. The diary was followed by an interview which covered details of each password, in its context of use. We find that users are in general concerned to maintain security, but that existing security policies are too inflexible to match their capabilities, and the tasks and contexts in which they operate. As a result, these password policies can place demands on users which impact negatively on their productivity and, ultimately, that of the organisation. We conclude that, rather than focussing password policies on maximizing password strength and enforcing frequency alone, policies should be designed using HCI principles to help the user to set an appropriately strong password in a specific context of use.
© All rights reserved Inglesant and Sasse and/or their publisher
Brostoff, Sacha, Inglesant, Philip and Sasse, M. Angela (2010): Evaluating the usability and security of a graphical one-time PIN system. In: Proceedings of the HCI10 Conference on People and Computers XXIV 2010. pp. 88-97.
Traditional Personal Identification Numbers (PINs) are widely used, but the attacks in which they are captured have been increasing. One-time PINs offer better security, but potentially create greater workload for users. In this paper, we present an independent evaluation of a commercial system that makes PINs more resistant to observation attacks by using graphical passwords on a grid to generate a one-time PIN. 83 participants were asked to register with the system and log in at varying intervals. The successful login rate was approximately 91% after 3-4 days, and 97% after 9-10 days. Twenty five participants were retested after two years, and 27% of those were able to recall their pattern. We recorded 17 instances of failed attempts, and found that even though participants recalled the general shape of the pass-pattern in 13 of these instances, they could not recall its detailed location or sequence of cells. We conclude that GrIDsure is usable if people have one pass-pattern, but the level of security will depend on the context of use (it will work best in scenarios where repeated observations of transactions are unlikely), and the instructions given to users (without guidance, they are likely to chose from a small subset of the possible patterns which are easily guessed).
© All rights reserved Brostoff et al. and/or BCS
Sasse, M. Angela, Karat, Clare-Marie and Maxion, Roy (2009): Designing and evaluating usable security and privacy technology. In: Proceedings of the 2009 Symposium on Usable Privacy and Security 2009. p. 16.
Laqua, Sven and Sasse, M. Angela (2009): Exploring blog spaces: a study of blog reading experiences using dynamic contextual displays. In: Proceedings of the HCI09 Conference on People and Computers XXIII 2009. pp. 252-261.
In this paper we report on an eye-tracking experiment conducted with 60 participants to gain an understanding of how people interact with blog environments. We compared a standard blog interface with a novel contextual blog interface, which dynamically adjusts its contextual navigation to a selected article. We measured task performance and interaction behaviour for explorative tasks and goal-oriented search tasks. We further collected subjective feedback to evaluate user preferences. We found that participants using the contextual blog interface completed search tasks 19% faster and made 80% fewer errors. Moreover, participants using the contextual blog interface interacted more with the provided information during the exploration tasks. We did not find significant differences in user preference overall between both blog interfaces. However, a more detailed analysis of our results suggests significant demographic differences for performance, behavioural and subjective measures.
© All rights reserved Laqua and Sasse and/or their publisher
Flechais, Ivan and Sasse, M. Angela (2009): Stakeholder involvement, motivation, responsibility, communication: How to design usable security in e-Science. In International Journal of Human-Computer Studies, 67 (4) pp. 281-296.
e-Science projects face a difficult challenge in providing access to valuable computational resources, data and software to large communities of distributed users. On the one hand, the raison d'être of the projects is to encourage members of their research communities to use the resources provided. On the other hand, the threats to these resources from online attacks require robust and effective security to mitigate the risks faced. This raises two issues: ensuring that (1) the security mechanisms put in place are usable by the different users of the system, and (2) the security of the overall system satisfies the security needs of all its different stakeholders. A failure to address either of these issues can seriously jeopardise the success of e-Science projects. The aim of this paper is to firstly provide a detailed understanding of how these challenges can present themselves in practice in the development of e-Science applications. Secondly, this paper examines the steps that projects can undertake to ensure that security requirements are correctly identified, and security measures are usable by the intended research community. The research presented in this paper is based on four case studies of e-Science projects. Security design traditionally uses expert analysis of risks to the technology and deploys appropriate countermeasures to deal with them. However, these case studies highlight the importance of involving all stakeholders in the process of identifying security needs and designing secure and usable systems. For each case study, transcripts of the security analysis and design sessions were analysed to gain insight into the issues and factors that surround the design of usable security. The analysis concludes with a model explaining the relationships between the most important factors identified. This includes a detailed examination of the roles of responsibility, motivation and communication of stakeholders in the ongoing process of designing usable secure socio-technical systems such as e-Science.
© All rights reserved Flechais and Sasse and/or Academic Press
Inglesant, Philip, Sasse, M. Angela, Chadwick, David and Shi, Lei Lei (2008): Expressions of expertness: the virtuous circle of natural language for access control policy specification. In: Proceedings of the 2008 Symposium on Usable Privacy and Security 2008. pp. 77-88.
The implementation of usable security is particularly challenging in the growing field of Grid computing, where control is decentralised, systems are heterogeneous, and authorization applies across administrative domains. PERMIS, based on the Role-Based Access Control (RBAC) model, provides a unified infrastructure to address these challenges. Previous research has found that resource owners who do not understand the PERMIS RBAC model have difficulty expressing access control policies. We have addressed this issue by investigating the use of a controlled natural language parser for expressing these policies. In this paper, we describe our experiences in the design, implementation, and evaluation of this parser for the PERMIS Editor. We began by understanding Grid access control needs as expressed by resource owners, through interviews and focus groups with 45 Grid practitioners. We found that the many areas of Grid computing use present varied security requirements; this suggests a minimal, open design. We designed and implemented a controlled natural language system to support these needs, which we evaluated with a cross-section of 17 target users. We found that participants were not daunted by the text editor, and understood the syntax easily. However, some strict requirements of the controlled language were problematic. Using controlled natural language helps overcome some conceptual mis-matches between PERMIS RBAC and older paradigms; however, there are still subtleties which are not always understood. In conclusion, the parser is not sufficient on its own, and should be seen in the interplay with other parts of the PERMIS Editor, so that, iteratively, users are helped to understand the underlying PERMIS model and to express their security policies more accurately and more completely.
© All rights reserved Inglesant et al. and/or ACM Press
Changes to this page (author):
09 Nov 2012: Modified
03 Apr 2012: Modified
05 Jul 2011: Modified
18 Nov 2010: Modified
03 Nov 2010: Modified
02 Nov 2010: Modified
08 Sep 2009: Modified
08 Apr 2009: Added
Page maintainer: The Editorial Team