Skip to content
Licensed Unlicensed Requires Authentication Published by Oldenbourg Wissenschaftsverlag January 14, 2020

Emerging Trends in Usable Security and Privacy

Florian Alt ORCID logo and Emanuel von Zezschwitz
From the journal i-com


New technologies are constantly becoming part of our everyday life. At the same time, designers and developers still often do not consider the implications of their design choices on security and privacy. For example, new technologies generate sensitive data, enable access to sensitive data, or can be used in malicious ways. This creates a need to fundamentally rethink the way in which we design new technologies. While some of the related opportunities and challenges have been recognized and are being addressed by the community, there is still a need for a more holistic understanding. In this editorial, we will address this by (1) providing a brief historical overview on the research field of ‘Usable Security and Privacy’; (2) deriving a number of current and future trends; and (3) briefly introducing the articles that are part of this special issue and describing how they relate to the current trends and what researchers and practitioners can learn from them.


[1] Abdelrahman, Y., Khamis, M., Schneegass, S., and Alt, F. Stay cool! understanding thermal attacks on mobile-based user authentication. In Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems (New York, NY, USA, 2017), CHI’17, ACM, pp. 3751–3763.10.1145/3025453.3025461Search in Google Scholar

[2] Adams, A., Sasse, M. A., and Lunt, P. Making passwords secure and usable. In People and Computers XII. Springer, 1997, pp. 1–19.10.1007/978-1-4471-3601-9_1Search in Google Scholar

[3] Alzubaidi, A., and Kalita, J. Authentication of smartphone users using behavioral biometrics. IEEE Communications Surveys Tutorials 18, 3 (thirdquarter 2016), 1998–2026.10.1109/COMST.2016.2537748Search in Google Scholar

[4] Buschek, D., De Luca, A., and Alt, F. Improving accuracy, applicability and usability of keystroke biometrics on mobile touchscreen devices. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems (New York, NY, USA, 2015), CHI’15, ACM, pp. 1393–1402.10.1145/2702123.2702252Search in Google Scholar

[5] Buschek, D., De Luca, A., and Alt, F. Evaluating the influence of targets and hand postures on touch-based behavioural biometrics. In Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems (New York, NY, USA, 2016), CHI’16, ACM, pp. 1349–1361.10.1145/2858036.2858165Search in Google Scholar

[6] Fano, R. M., and Corbató, F. J. Time-sharing on computers. Scientific American 215, 3 (1966), 128–143.10.1038/scientificamerican0966-128Search in Google Scholar

[7] Florêncio, D., Herley, C., and Van Oorschot, P. C. Password portfolios and the finite-effort user: Sustainably managing large numbers of accounts. In 23rd USENIX Security Symposium (USENIX Security 14) (2014), pp. 575–590.Search in Google Scholar

[8] Garfinkel, S., and Lipford, H. R. Usable security: History, themes, and challenges. Synthesis Lectures on Information Security, Privacy, and Trust 5, 2 (2014), 1–124.10.2200/S00594ED1V01Y201408SPT011Search in Google Scholar

[9] George, C., Khamis, M., von Zezschwitz, E., Burger, M., Schmidt, H., Alt, F., and Hussmann, H. Seamless and secure vr: Adapting and evaluating established authentication systems for virtual reality. NDSS.Search in Google Scholar

[10] Harbach, M., von Zezschwitz, E., Fichtner, A., Luca, A. D., and Smith, M. It’s a hard lock life: A field study of smartphone (un)locking behavior and risk perception. In 10th Symposium On Usable Privacy and Security (SOUPS 2014) (Menlo Park, CA, July 2014), USENIX Association, pp. 213–230.Search in Google Scholar

[11] Herley, C., Van Oorschot, P. C., and Patrick, A. S. Passwords: If we’re so smart, why are we still using them? In International Conference on Financial Cryptography and Data Security (2009), Springer, pp. 230–237.10.1007/978-3-642-03549-4_14Search in Google Scholar

[12] Kuyoro, S., Ibikunle, F., and Awodele, O. Cloud computing security issues and challenges. International Journal of Computer Networks (IJCN) 3, 5 (2011), 247–255.Search in Google Scholar

[13] Li, F., Rogers, L., Mathur, A., Malkin, N., and Chetty, M. Keepers of the machines: examining how system administrators manage software updates. In Proceedings of the Fifteenth USENIX Conference on Usable Privacy and Security (2019), USENIX Association, pp. 273–288.Search in Google Scholar

[14] Muaaz, M., and Mayrhofer, R. Smartphone-based gait recognition: From authentication to imitation. IEEE Transactions on Mobile Computing 16, 11 (Nov 2017), 3209–3221.10.1109/TMC.2017.2686855Search in Google Scholar

[15] Naiakshina, A., Danilova, A., Gerlitz, E., von Zezschwitz, E., and Smith, M. “if you want, i can store the encrypted password”: A password-storage field study with freelance developers. In Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems (2019), ACM.10.1145/3290605.3300370Search in Google Scholar

[16] Prange, S., von Zezschwitz, E., and Alt, F. Vision: Exploring challenges and opportunities for usable authentication in the smart home. In 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) (2019), IEEE, pp. 154–158.10.1109/EuroSPW.2019.00024Search in Google Scholar

[17] Saltzer, J. H., and Schroeder, M. D. The protection of information in computer systems. Proceedings of the IEEE 63, 9 (1975), 1278–1308.10.1109/PROC.1975.9939Search in Google Scholar

[18] Sasse, M. A., and Flechais, I. Usable security: Why do we need it? how do we get it? O’Reilly, 2005.Search in Google Scholar

[19] Schneegass, S., Oualil, Y., and Bulling, A. Skullconduct: Biometric user identification on eyewear computers using bone conduction through the skull. In Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems (New York, NY, USA, 2016), CHI’16, ACM, pp. 1379–1384.10.1145/2858036.2858152Search in Google Scholar

[20] Stobert, E., and Biddle, R. The password life cycle: user behaviour in managing passwords. In 10th Symposium On Usable Privacy and Security (SOUPS 2014) (2014), pp. 243–255.Search in Google Scholar

Published Online: 2020-01-14
Published in Print: 2019-11-18

© 2019 Walter de Gruyter GmbH, Berlin/Boston