Principle of psychological acceptability: Difference between revisions
John Leach (talk | contribs) m (Text replacement - "{{subpages}}" to "{{PropDel}}<br><br>{{subpages}}") |
Pat Palmer (talk | contribs) mNo edit summary |
||
Line 1: | Line 1: | ||
{{subpages}} | |||
{{TOC|right}} | {{TOC|right}} | ||
The principle of psychological acceptability was proposed as one of the [[design patterns]] for [[computer security]] by Jerome Saltzer and Michael Schroeder in their seminal paper ''The Protection of Information in Computer Systems''<ref>http://web.mit.edu/Saltzer/www/publications/protection/</ref>. Psychological acceptability is a the idea that the security mechanisms of a computer system should align as closely as possible to the functional expectations of system users. By providing security mechanisms that do not burden or inconvenience users, architects can achieve security without alienation users or encouraging them to find ways to avoid security mechanisms. | The principle of psychological acceptability was proposed as one of the [[design patterns]] for [[computer security]] by Jerome Saltzer and Michael Schroeder in their seminal paper ''The Protection of Information in Computer Systems''<ref>http://web.mit.edu/Saltzer/www/publications/protection/</ref>. Psychological acceptability is a the idea that the security mechanisms of a computer system should align as closely as possible to the functional expectations of system users. By providing security mechanisms that do not burden or inconvenience users, architects can achieve security without alienation users or encouraging them to find ways to avoid security mechanisms. | ||
An example of violating the principle would be to have a software system that requires extremely complex, non-repeatable passwords and ''also'' requires the selection of a new password frequently, such as every three weeks. Invariably, some people will end of writing such passwords down on paper and taping them to their monitors. | |||
==References== | ==References== | ||
<references/> | <references/> |
Revision as of 13:09, 12 August 2024
The principle of psychological acceptability was proposed as one of the design patterns for computer security by Jerome Saltzer and Michael Schroeder in their seminal paper The Protection of Information in Computer Systems[1]. Psychological acceptability is a the idea that the security mechanisms of a computer system should align as closely as possible to the functional expectations of system users. By providing security mechanisms that do not burden or inconvenience users, architects can achieve security without alienation users or encouraging them to find ways to avoid security mechanisms.
An example of violating the principle would be to have a software system that requires extremely complex, non-repeatable passwords and also requires the selection of a new password frequently, such as every three weeks. Invariably, some people will end of writing such passwords down on paper and taping them to their monitors.