#26032
Five years ago, having access to the Internet and a healthy computer required quite a low level of knowledge. Now, you need a veritable technology armory to stand any hope of staying safe.
Usability by Design (2005). Articles>Usability>Security
#27536
Password Security: What Users Know and What They Actually Do
This study investigated the common password generation practices of online users. Three hundred and fifteen undergraduate and graduate students completed a survey querying (1) the types and number of different password protected accounts maintained; (2) actual practices used in generating, storing and using passwords; (3) practices believed they should use in generating and storing passwords; and (4) general demographic information. Results indicate that, in general, users do not vary the complexity of passwords depending on the nature of the site (bank account vs. instant messenger) or change their passwords on any regular basis if it is not required by the site. Users report using lower case letters, numbers or digits, personally meaningful numbers and personally meaningful words when creating passwords, despite the fact that they realize that these methods may not be the most secure.
Riley, Shannon. Usability News (2006). Articles>Usability>Security
#11868
A big lie of computer security is that security improves as password complexity increases. In reality, users simply write down difficult passwords, leaving the system vulnerable. Security is better increased by designing for how people actually behave.
Nielsen, Jakob. Alertbox (2000). Articles>Web Design>Usability>Security
#25235
User Education Is Not the Answer to Security Problems
Internet scams cannot be thwarted by placing the burden on users to defend themselves at all times. Beleaguered users need protection, and the technology must change to provide this.
Nielsen, Jakob. Alertbox (2004). Articles>Usability>Security
#32139
The Security Dilemma: Balancing Robustness and Usability 
Heisenberg's uncertainty principle says the more you try to know about a particle's position, the less you can know about its momentum. A similar dilemma affects IT security. It seems the more features you load into a product, the less usable it can be.
Henneman, Richard and Michael A. Hughes. Cutter IT Journal (2008). Articles>Usability>Security
#34891
Usability suffers when users type in passwords and the only feedback they get is a row of bullets. Typically, masking passwords doesn't even increase security, but it does cost you business due to login failures.
Nielsen, Jakob. Alertbox (2009). Articles>Web Design>Security>Usability
#34892
ユーザがパスワードを打ち込んでも、黒い点の列でしかフィードバックが返ってこないとき、ユーザビリティは損なわれている。パスワードを隠したからといって、セキュリティは強化されないことが多く、逆に、ログインの失敗によって、あなたのビジネスに悪影響を及ぼす。
Nielsen, Jakob. Usability.gr.jp (2009). (Japanese) Articles>Web Design>Security>Usability
