DOCSLIB.ORG

The Security–Usability Tradeoffmyth

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
The Security–Usability Tradeoffmyth THE SECURITY–USABILITY TRADEOFF MYTH GUEST EDITORS’ INTRODUCTION Te Security–Usability Tradeof Myth M. Angela Sasse | University College London Matthew Smith | University of Bonn and Fraunhofer FKIE sability problems are the root cause of many of today’s IT security incidents. Security mech- U anisms are ofen too time consuming for people to bother with, or so complex that even those willing to use them make mistakes. For more than a decade, usable security researchers and practitioners have tried to address this problem by creating more usable security solutions. Retail- ers, banks, and communications providers have learned that security that gets in the way of their customers is bad for business. Some organizations"especially those who were “born digital” and have a large customer base"have managed to increase security without impacting business, for instance, by introducing low-efort two-factor authentication and using the data they have to iden- tify unusual behavior paterns. But researchers still identify a disconcerting number of security mechanisms today that induce mistakes or noncompliance, and ultimately put individuals and organizations at risk"or cause consumers to walk away. Tis not only damages digital business but also fosters the unhelpful perception among non–security experts that online security isn’t worth bothering with. As the value of digital transactions continues to increase, so will the number and sophistication of atacks"if the bank robber Willie Suton Jr. were alive today, he would turn to cybercrime, because “that’s where the money is” now. To successfully defend digital business, we need to engage with consumers and ofer them simple and efective security solutions. Tis special issue of IEEE Security & Privacy features three articles and a roundtable discus- sion that examine the relationship between security and usability in detail to identify the per- ceptions, processes, and practices that underlie these continuing problems and to identify what needs to change to move the feld forward. When we examine published usable security research to date, we fnd that most studies have been performed in laboratories with a limited number of participants (ofen students) who were 2 September/October 2016 Copublished by the IEEE Computer and Reliability Societies 1540-7993/16/$33.00 © 2016 IEEE observed on one occasion using a security mechanism. requirement for security to work in the context of busi- Over the past few years, we’ve seen a growing number of ness tasks upfront. Many security experts and devel- studies in which hundreds or thousands of participants, opers in these studies invoked the security–usability recruited via crowdsourcing platforms. In these studies tradeof, which is insidious because it reinforces the participants receive very small payments in return for perception that it’s not necessary to engage with users interacting with a security mechanism and complet- or to understand the tasks uses are engaged in. As Cor- ing surveys. But they use the security mechanisms only mac Herley points out in the roundtable discussion, once or twice, within a couple of days, in the context “Debunking Security–Usability Tradeof Myths,” this of a fctional task that isn’t is “phon[ing] in” an excuse. their own and where Very few participants their money or data in Caputo and her isn’t at risk. Tere’s Pulll quote is approximately 20–25 words. colleagues’ studies a lack of feld studies Pulll quote is approximately 20–25 words. had engaged suf- in real environments Pulll quote is approximately 20–25 words. ciently with usability to understand the Pulll quote is approximately 20–25 words. to realize it would impact that security increase security" mechanisms have because if the secu- on individuals and rity is usable, users businesses. Te article, “Secure and Usable Enterprise will do the security tasks, rather than ignore or circum- Authentication: Lessons from the Field,” by Mary Teo- vent them. fanos and her colleagues, makes a notable contribution As Herley points out, the insidiousness of the pur- because it surveyed more than 30,000 employees of two ported tradeof is that, in the absence of measurements, US government departments on their day-to-day expe- it’s hard to disprove. Te tendency has been to use any riences with two-factor authentication. Te authors hypothetical reduction in security as an excuse for users found that diferent implementations of the same have to bear the cross of workload and complexity that a two-factor technology produced signifcantly diferent security mechanism puts on them. Te roundtable dis- experiences"reminding us that sometimes small dif- cussion, which also featured Heather Lipford and Kami ferences in implementation can make a big diference to Vaniea, revealed that this atitude squanders user aten- those who have to use the security. tion and efort that will be needed as the number and “Barriers to Usable Security? Tree Organiza- sophistication of atacks increase. Vaniea points out that tional Case Studies,” by Deanna D. Caputo and her communication about risks and what consumers need colleagues, reports on three sofware development to do needs improvement"for instance, users aren’t organizations that wanted to provide usable security aware that sofware updates are key to security. solutions. A multidisciplinary team interviewed devel- Although usable security researchers see the value opers, management, and security and usability experts of engaging with end users when designing security who had been involved in the development of a certain mechanisms, many experts do not. It’s common for product from each company. However, the research- experts to believe that they know best and that users ers found no tangible evidence that the products were should invest whatever time and efort they believe is usable. Te companies didn’t perform empirical or ana- necessary. Vaniea ofered this quote from a study con- lytic usability testing and had no criteria or measure- cerning the Windows 10’s update process: “the audacity ments. Similarly, there was litle or no formal security of a user to question the opinion of the expert who put evaluation"and certainly no metrics. Te interviews this update in there is shocking.” Tis kind of atitude is showed that many developers and security experts of course harmful and needs to be studied. We must fnd didn’t understand usability and its contribution to the ways to help experts engage with users. business process. In the absence of formal testing and A further and as yet unstudied area of usable security measurements, usability was mostly a grudge sale: it research is the mistakes made by experts. Many of the became a concern only when the company experienced most catastrophic security incidents weren’t caused by signifcant problems, such as a drop in sales or a signif- consumers or employees, but by developers or admin- cant rise in help-desk calls. istrators. Heartbleed and Shellshock were both caused Sofware-engineering research established 20 years by single developers and had global consequences. Te ago that the later in the process you have to “fx” fun- recent Sony hack compromised an entire multinational damental problems, the more expensive it will be to IT infrastructure and misappropriated more than 100 do so. But Caputo and her colleagues’ studies found Tbytes of data"unnoticed. Fundamentally, every sof- that, nevertheless, the companies didn’t consider the ware vulnerability and misconfgured system is caused www.computer.org/security 3 THE SECURITY–USABILITY TRADEOFF MYTH by developer or administrator mistakes, but very litle research has studied the underlying causalities and pos- sible mitigation strategies. A multitude of factors play into this problem. Te frst is the myth that experts are infallible. Similar to Anne Adams and M. Angela Sasse’s seminal work and call to action, “Users Are Not the Enemy,” we need to rethink our stance concerning Executive Committee (ExCom) Members: Christian experts and recognize that they too are only human and Hansen, President; Dennis Hofman, Jr. Past President; should receive as much if not more assistance than end Jefrey Voas, Sr. Past President; W. Eric Wong, VP users because their mistakes are just as natural but ofen Publications; Carole Graas, VP Meetings and Conferences; more critical. Joe Childs, VP Membership; Shiuhpyng Winston Shieh, Te article “Developers Are Not the Enemy! Te VP Technical Activities; Scott Abrams, Secretary; Robert Need for Usable Security APIs,” by Mathew Green and Loomis, Treasurer; Pradeep Ramuhalli, Secretary Mathew Smith, explores this issue in the context of usability of cryptographic APIs. What makes this area Administrative Committee (AdCom) Members: of research particularly challenging is that it’s far harder Scott Abrams, Evelyn H. Hirt, Charles H. Recchia, Jason W. to recruit experts for usability studies, compared to the Rupe, Alfred M. Stevens, and Jefrey Voas relative ease in recruiting end users. Consequently, we haven’t seen many studies involving experts and this http://rs.ieee.org area remains largely unexplored, leaving many more myths to fnd and bust. Te IEEE Reliability Society (RS) is a technical society within the IEEE, which is the world’s leading professional his is an exciting time for security research" association for the advancement of technology. Te RS is engaged in the engineering disciplines of hardware, software, T a time to examine long-held beliefs about how and human factors. Its focus on the broad aspects of reliability to manage security. We need to use scientifc research allows the RS to be seen as the IEEE Specialty Engineering methods to put countermeasures that pass the test on organization. Te IEEE Reliability Society is concerned with sounder footing, and use measurements to check if we’re attaining and sustaining these design attributes throughout doing beter or worse when we make changes. And of the total life cycle. Te Reliability Society has the management, resources, and administrative and technical course, we need to be prepared to bury the beliefs that structures to develop and to provide technical information turn out to be incorrect.
Load more

Recommended publications
  • Software Quality Management
    Software Quality Management 2004-2005 Marco Scotto ([email protected]) Software Quality Management Contents ¾Definitions ¾Quality of the software product ¾Special features of software ¾ Early software quality models •Boehm model • McCall model ¾ Standard ISO 9126 Software Quality Management 2 Definitions ¾ Software: intellectual product consisting of information stored on a storage device (ISO/DIS 9000: 2000) • Software may occur as concepts, transactions, procedures. One example of software is a computer program • Software is "intellectual creation comprising the programs, procedures, rules and any associated documentation pertaining to the operation of a data processing system" •A software product is the "complete set of computer programs, procedures and associated documentation and data designated for delivery to a user" [ISO 9000-3] • Software is independent of the medium on which it is recorded Software Quality Management 3 Quality of the software product ¾The product should, on the highest level… • Ensure the satisfaction of the user needs • Ensure its proper use ¾ Earlier: 1 developer, 1 user • The program should run and produce results similar to those expected ¾ Later: more developers, more users • Need to economical use of the storage devices • Understandability, portability • User-friendliness, learnability ¾ Nowadays: • Efficiency, reliability, no errors, able to restart without using data Software Quality Management 4 Special features of software (1/6) ¾ Why is software ”different”? • Does not really have “physical” existence
    [Show full text]
  • Quality-Based Software Reuse
    Quality-Based Software Reuse Julio Cesar Sampaio do Prado Leite1, Yijun Yu2, Lin Liu3, Eric S. K. Yu2, John Mylopoulos2 1Departmento de Informatica, Pontif´ıcia Universidade Catolica´ do Rio de Janeiro, RJ 22453-900, Brasil 2Department of Computer Science, University of Toronto, M5S 3E4 Canada 3School of Software, Tsinghua University, Beijing, 100084, China Abstract. Work in software reuse focuses on reusing artifacts. In this context, finding a reusable artifact is driven by a desired functionality. This paper proposes a change to this common view. We argue that it is possible and necessary to also look at reuse from a non-functional (quality) perspective. Combining ideas from reuse, from goal-oriented requirements, from aspect-oriented programming and quality management, we obtain a goal-driven process to enable the quality-based reusability. 1 Introduction Software reuse has been a lofty goal for Software Engineering (SE) research and prac- tice, as a means to reduced development costs1 and improved quality. The past decade has seen considerable progress in fulfilling this goal, both with respect to research ideas and industrial practices (e.g., [1–3]). Current reuse techniques focus on the reuse of software artifacts on the basis of de- sired functionality. However, non-functional properties (qualities) of a software system are also crucial. Systems fail because of inadequate performance, security, reliability, usability, or precision, to name a few. Quality concerns, therefore, should also be front and centre in methods for software reuse. For example, in designing for the NASA Mars Spirit spacecraft, one would not adopt a “cosine” function from an arbitrary mathemat- ical library.
    [Show full text]
  • Design Rules
    Design rules Chapter 7 adapted by Dr. Kristina Lapin, Vilnius University design rules Designing for maximum usability – the goal of interaction design • Principles of usability – general understanding • Standards and guidelines – direction for design • Design patterns – capture and reuse design knowledge types of design rules • principles – abstract design rules – low authority – high generality Guideline s • standards – specific design rules – high authority – limited application increasinggenerality Standards • guidelines generality increasing – lower authority increasing authority increasing authority – more general application Principles to support usability Learnability the ease with which new users can begin effective interaction and achieve maximal performance Flexibility the multiplicity of ways the user and system exchange information Robustness the level of support provided the user in determining successful achievement and assessment of goal- directed behaviour •Predictability •Synthezability Learnability •Familiarity •Generalizability •Consistency Principles of learnability Predictability – determining effect of future actions based on past interaction history – operation visibility Predictability http://www.webbyawards.com/ 7 Principles of learnability Synthesizability – assessing the effect of past actions – immediate vs. eventual honesty Synthesizability 1. 2. 3. 9 Principles of learnability (ctd) Familiarity – how prior knowledge applies to new system – guessability; affordance Principles of learnability (ctd) Generalizability
    [Show full text]
  • Usability Basics for Software Developers Usability Engineering
    focususability engineering Usability Basics for Software Developers Xavier Ferré and Natalia Juristo, Universidad Politécnica de Madrid Helmut Windl, Siemens AG, Germany Larry Constantine, Constantine & Lockwood n recent years, software system usability has made some interesting ad- vances, with more and more organizations starting to take usability seri- ously.1 Unfortunately, the average developer has not adopted these new I concepts, so the usability level of software products has not improved. Contrary to what some might think, us- Usability engineering defines the target us- This tutorial ability is not just the appearance of the user ability level in advance and ensures that the examines the interface (UI). Usability relates to how the software developed reaches that level. The system interacts with the user, and it includes term was coined to reflect the engineering ap- relationship five basic attributes: learnability, efficiency, proach some usability specialists take.3 It is between usability user retention over time, error rate, and sat- “a process through which usability character- and the user isfaction. Here, we present the general us- istics are specified, quantitatively and early in interface and ability process for building a system with the the development process, and measured desired level of usability. This process, which throughout the process.”4 Usability is an is- discusses how most usability practitioners apply with slight sue we can approach from multiple view- the usability variation, is structured around a design- points, which is why many different disci- process follows a evaluate-redesign cycle. Practitioners initiate plines, such as psychology, computer science, design-evaluate- the process by analyzing the targeted users and sociology, are trying to tackle it.
    [Show full text]
  • USABILITY of PROCESSES in ENGINEERING DESIGN Becerril, Lucia; Stahlmann, Jan-Timo; Beck, Jesco; Lindemann, Udo Technical University of Munich, Germany
    21ST INTERNATIONAL CONFERENCE ON ENGINEERING DESIGN, ICED17 21-25 AUGUST 2017, THE UNIVERSITY OF BRITISH COLUMBIA, VANCOUVER, CANADA USABILITY OF PROCESSES IN ENGINEERING DESIGN Becerril, Lucia; Stahlmann, Jan-Timo; Beck, Jesco; Lindemann, Udo Technical University of Munich, Germany Abstract Processes in Engineering Design are generally optimized towards efficiency, quality, costs, risks, etc., however an analysis that includes requirements from the process users' view is missing. Within the last years, the concept of usability has being introduced to examine business processes. This is a promising approach for Engineering Design, by involving process "users" (designers, engineers, software developers, project managers, etc.) in the process planning phase, several issues such as consistency flaws or counter-intuitive information flow can be identified beforehand. This paper aims to explore the transferability of usability concepts and evaluation methods to processes in the field of Engineering Design. The goal of this paper is to set a basis for further studies with regard on how to plan and design processes that interact efficiently, effectively and satisfactorily with the people involved. For this purpose ten process usability attributes are consolidated from the overlap between usability attributes (of products and systems) and process system properties. Moreover, five usability evaluation methods are examined on their applicability for evaluating design processes. Keywords: Design management, Design process, User centred design Contact: Lucia Becerril Technical University of Munich Chair of Product Development Germany [email protected] Please cite this paper as: Surnames, Initials: Title of paper. In: Proceedings of the 21st International Conference on Engineering Design (ICED17), Vol. 2: Design Processes | Design Organisation and Management, Vancouver, Canada, 21.-25.08.2017.
    [Show full text]
  • Quality Attributes and Design Tactics
    Quality Attribute Scenarios and Tactics Chapters 5-11 in Text Some material in these slides is adapted from Software Architecture in Practice, 3rd edition by Bass, Clements and Kazman. J. Scott Hawker/R. Kuehl p. 1 R I T Software Engineering Quality Attributes – Master List • Operational categories • Developmental categories – Availability – Modifiability – Interoperability – Variability – Reliability – Supportability – Usability – Testability – Performance – Maintainability – Deployability – Portability – Scalability – Localizability – Monitorability – Development distributability – Mobility – Buildability – Compatibility – Security – Safety J. Scott Hawker/R. Kuehl p. 2 R I T Software Engineering Achieving Quality Attributes – Design Tactics A system design is a collection of design decisions Some respond to quality attributes, some to achieving functionality A tactic is a design decision to achieve a QA response Tactics are a building block of architecture patterns – more primitive/granular, proven design technique Tactics to Control Stimulus Response Response J. Scott Hawker/R. Kuehl p. 3 R I T Software Engineering Categories of Design Decisions Allocation of responsibilities – system functions to modules Coordination model – module interaction Data model – operations, properties, organization Resource management – use of shared resources Architecture element mapping – logical to physical entities; i.e., threads, processes, processors Binding time decisions – variation of life cycle point of module “connection” Technology choices J. Scott Hawker/R. Kuehl p. 4 R I T Software Engineering Design Checklists Design considerations for each QA organized by design decision category For example, allocation of system responsibilities for performance: What responsibilities will involve heavy loading or time critical response? What are the processing requirements, will there be bottlenecks? How will threads of control be handled across process and processor boundaries? What are the responsibilities for managing shared resources? J.
    [Show full text]
  • Application of User-Centered Design for a Student Case Management System
    IT 11 057 Examensarbete 15 hp August 2011 Application of User-Centered Design for a Student Case Management System Vincent Kahl Institutionen för informationsteknologi Department of Information Technology ! Abstract Application of User-Centered Design for a Student Case Management System Vincent Kahl Teknisk- naturvetenskaplig fakultet UTH-enheten The student office and student counselors of Uppsala University’s IT Department need a new application for organizing and coordinating Besöksadress: student cases. The aim of this thesis is to define a specification for a Ångströmlaboratoriet Lägerhyddsvägen 1 new system. A user-centered design (UCD) approach is taken to Hus 4, Plan 0 ensure that the new application will increase productivity, is usable, and is accepted by the people that will work with it. The employed Postadress: UCD process is a custom adaption of the ISO 9241-210 standard’s Box 536 751 21 Uppsala UCD process proposal. Following the activity cycle of the ISO standard for user-centered design, this specification will understand and Telefon: specify the context of use, specify the user and organizational 018 – 471 30 03 requirements, and produce design solutions that are evaluated against Telefax: the requirements. 018 – 471 30 00 Hemsida: http://www.teknat.uu.se/student Handledare: Lars Oestreicher Ämnesgranskare: Lars Oestreicher Examinator: Anders Jansson IT 11 057 Tryckt av: Reprocentralen ITC ! Table of Contents 1! Introduction ........................................................................................................
    [Show full text]
  • An Analytics Platform for Everyone: Flexibility, Scalability, Usability
    An Analytics Platform for Everyone: Flexibility, Scalability, Usability ALLIANCE Comprehensive analytics and reporting capabilities of WebFOCUS from Information Builders, running on the robust and scalable Teradata® Database redefines self- Information Builders and Teradata service analytics by helping organizations use BI more The Need strategically across the enterprise. BI and analytics are needed more than ever to help The value of BI is best measured by how widely it can organizations succeed and thrive in ever more competi- impact decision making across the enterprise and beyond. tive landscapes. This means extending access to BI and WebFOCUS on Teradata Database answers this need, analytics throughout the enterprise. delivering rich, consumable, interactive information to the widest range of employees, managers, analysts, The Solution partners, and customers. All of this can be done in real- WebFOCUS by Information Builders, running on time, while importing data from a spectrum of disparate Teradata ® Database, provides the industry-leading sources—structured and unstructured data, and present- BI and analytics platform. WebFOCUS dashboards, ing results in award-winning user-friendly dashboards and scorecards, and other features provide self-service, other rich formats. real-time solutions to maximize the benefits of BI and analytics across the organization. The Challenge of Pulling Insights The Benefits from Data • Comprehensive solution serves as a complete BI and analytics platform. Business intelligence has long been mission critical, yet many organizations, bursting with data, are frustrated by • Real-time analytics. the challenges of integrating disparate data sources to • Ease of use and award-winning UI answer the need harness the information generated by every customer, for self-serve BI and analytics.
    [Show full text]
  • Software Quality Assurance „ Process-Based (Conformance to Requirements) „ Product-Based (You Get What You Pay For) „ Transcendent (Excellence)
    Five Views of Quality Value-based (Engineer to price) User-based (Fitness for purpose) Software Quality Assurance Process-based (Conformance to requirements) Product-based (You get what you pay for) Transcendent (Excellence) M8034 @ Peter Lo 2006 1 M8034 @ Peter Lo 2006 2 Software Quality Definition The Definition Emphasize Conformance to explicitly stated functional and Software requirements are the foundation from which performance requirements, explicitly documented quality is measured. Lack of conformance to development standards, and implicit requirements is lack of quality. characteristics that are expected of all Specified standards define a set of development criteria that guide the manner in which software is engineered. If professionally developed software. the criteria are not followed, lack of quality will almost surely result. There is a set of implicit requirements that often goes unmentioned. If software conforms to its explicit requirements, but fails to meet implicit requirements, software quality is suspect. M8034 @ Peter Lo 2006 3 M8034 @ Peter Lo 2006 4 How Important Software Quality? Software Quality Factors It is important to have the understanding that the It can be categorized in two groups: software quality work begins before the testing Factors that can be Directly Measured (e.g. phase and continues after the software is delivered. errors; KLOC; unit-time) Factors that can be Measured only Indirectly (e.g. usability or maintainability) Or, it can be categorized into: Internal – Attributes which can be measured or observed in isolation. External – Attributes which can only be observed in relation to external environment. M8034 @ Peter Lo 2006 5 M8034 @ Peter Lo 2006 6 McCall’s Triangle of Quality McCall’s Triangle of Quality McCall’s quality factors were proposed in the PRODUCT REVISION PRODUCT TRANSITION early 1970s.
    [Show full text]
  • Usability Issues in Software Development Lifecycle
    Volume 3, Issue 8, August 2013 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Usability Issues in Software Development Lifecycle R.Madhavan* Dr.K.Alagarsamy Department Of CSE, Computer Centre Joesuresh Engineering College, Tamilnadu, India Maduraikamaraj University, Tamilnadu, India Abstract: Usability is one of the key quality attributes in software development. It is a factor present in almost all software quality assurance models. There is a close analogy between the terms usability and quality. Usability is an important quality factor for interactive software systems. The usability attributes which contribute to quality of use will include the style and properties of the user interface, the dialogue structure, and the nature of the functionality. The aim of this paper is to improve software quality by finding ways to integrate usability with software quality measurements throughout the life cycle. Keywords: User requirements, design, software architecture, SDLC, software quality. I. Introduction Usability is the extent to which specific users can use a product to their satisfaction in order to effectively and efficiently achieve specific goals in a specific context of use. A number of studies have pointed out a wide range of benefits stemming from usability: it improves productivity and raises team morale, reduces training and documentation costs, improves user productivity, increases e-commerce potential, etc. Additionally, and contrary to what one might think, the cost/benefit ratio of usability is highly worthwhile. Some authors have state that every dollar spent on usability offers a return of $30.25. There are also studies for e-commerce sites that show that a 5% improvement in usability could increase revenues by 10% to 35%.
    [Show full text]
  • Design Principles Usability Evaluation the Design of Everyday Things
    The design of everyday things (Norman, 1990) Design principles The ordinary objects reflect the problems of user Usability interface design ! Door handles Evaluation ! Washing machines ! Telephones ! etc. Introduces the notion of affordance, metaphores, and conceptual models Provides design rules Conceptual model vs. mental model Metaphor Transfer of a relationship between a set of objects to another set of objects in a different domain conceptual mental model model formal informal structured incomplete logical sometimes erroneous image folders of the system electronic desktop designer user office/desktop Affordances Affordances Quality of an object, which allows a user to perform an action The form, the size, the view of the object suggest what we can do with it « Much of everyday knowledge resides in the world, not in the head » (Norman, 1988) Affordances Affordances Button for pressing Dials for turning but action unknown Sliders for These sliding buttons? Affordances Perceived Affordances in this UI? The concept of affordance was first introduced by psychologist James J. Gibson in 1977. Gibson’s affordances are independent of the individual’s ability to recognize them. They depend on their physical capabilities. Norman’s affordances also depend on the individual’s perception. Norman explained that he would rather replace his term by the term « perceived affordances ». Constraints Constraints Our mental models of the mechanics and physics Are these user interfaces effective? help us predict and simulate the operation of an object Mappings Mappings Example: Find the correspondance between the stove Example: Find the correspondance between the stove burners and the controls burners and the controls ...and now? Example: designing a watch Example: designing a watch Conceptual model? Conceptual model? Affordances? Affordances? Mappings? Mappings? ...and user feedback? Norman’s principles (1990) Usability 1.
    [Show full text]
  • Usability Testing Report
    Usability Testing Report Kate Meizner Kristen Droesch Alex Hagenah Jo Polanco Pratt Institute EXECUTIVE(SUMMARY( 2! INTRODUCTION( 4! METHODOLOGY( 5! USER(TEST(PARTICIPANTS( 7! PARTICIPANT(DATA(SUMMARY( 8! FINDINGS(&(RECOMMENDATIONS( 11! FINDING(1:(USERS(HAD(DIFFICULTY(LOCATING(THE(SEARCH(BAR,(AND(DIDN’T(HAVE(CONFIDENCE(USING(IT.( 11! RECOMMENDATION(1:(INCORPORATE(A(SEARCH(BAR(PROMINENTLY(ON(THE(HOMEPAGE.( 11! FINDING(2:(USERS(WERE(OVERWHELMED(BY(THE(MAGNITUDE(OF(THE(SUBJECT(HEADINGS.( 12! RECOMMENDATION(2:(CONDENSE(SUBJECT(HEADINGS(TO(PROVIDE(USERS(WITH(A(MORE(APPROACHABLE(PLATFORM.( 13! FINDING(3:(NO(STATUS(FEEDBACK(FOR(KEYWORD(SEARCHES( 14! RECOMMENDATION(3A:(ADD(A(STATUS(INDICATOR(TO(THE(SEARCH(BOX.( 14! RECOMMENDATION(3B:(PROVIDE(MULTIPLE(SIGNIFIERS(THAT(SEARCH(RETURNS(ARE(RELEVANT.( 15! FINDING(4:(APPLYING(AND(CLEARING(FILTERS(CONFUSED(USERS.( 16! RECOMMENDATION(4:(PROVIDE(STRONGER(FILTRATION(FEEDBACK(BY(MAKING(SELECTIONS(MORE(PROMINENT(ON(THE( PAGE.(CONSOLIDATE(SIGNIFIERS(THAT(CLEAR(FILTER(SELECTIONS.( 16! FINDING(5:(SPECIFIC(EDITS(TO(THE(CURATED(“FEATURED(COLLECTION”(TEMPLATE(WOULD(BUILD(UPON(POSITIVE( FEEDBACK( 18! RECOMMENDATION(5:(MAKE(FEATURED(COLLECTION(MORE(PROMINENT(AND(HIGHLIGHT(ITS(FEATURES.( 18! CONCLUSION( 20! APPENDICES( 21! APPENDIX(1(–(RECRUITMENT(QUESTIONNAIRE( 21! APPENDIX(2(–(PRELTEST(QUESTIONNAIRE( 23! APPENDIX(3(–(MODERATOR’S(SCRIPT( 25! APPENDIX(4(–(TASK(RESULT(SUMMARY( 28! APPENDIX(5(–(SYSTEM(USABILITY(SCALE((SUS)( 29( APPENDIX(6(–(PRIORITY(VISUALIZATION(SCALE( 30! REFERENCES( 32! 1 Executive Summary This report details a usability study conducted by four Pratt Institute evaluators of the PEN America Archive prototype. Launching in Spring 2017, the site features a dynamic search function allowing users to browse several hundred pieces of archived PEN America audio and video content.
    [Show full text]