While Working Around Security

Publikation: Bog/antologi/afhandling/rapportPh.d.-afhandling


  • Niels Raabjerg Mathiasen, Danmark
Users of technology encounter various IT security mechanisms in their everyday
lives. If these mechanisms fail to support everyday activities, they either
get in the way, or the users find a way to work around them. Even though
users manage to carry out everyday activities by using substandard IT security
mechanisms or via workarounds, it will influence their experience of security.
If researchers and designers only focus on IT security artifacts and fail to take
the user experience into account, incorrect processes or workarounds will occur.
Accordingly, to get users to follow the correct process may seem to be a
criterion of success, even though it may yield a less appropriate experience of
This dissertation deals with an improved understanding of IT security sensitive
IT artifacts and presents three design methods, and a framework for addressing
the complexities and contingencies of security experiences in design.
The methods: Mobile probing, Prompted exploration workshops, and Acting
out security involve potential future users in the process of designing IT security
sensitive IT artifacts. Mobile probing collects narratives of user encounters
with IT security. Prompted exploration workshops present the users with
seven themes and involve them in the design of IT security sensitive IT artifacts.
Acting out security lets users try out prototypes in situations where
security handling is infrequent and quick. All three methods have been developed
and deployed as an integral part of a research through design process.
An everyday mobile digital signature solution has been designed, and the design
problem, the design process, and the design results are presented in this
Several of my empirical findings show that the way users experience security
does matter. Users’ experiences of security influence the way they make
sense of, assess, and handle IT security mechanisms. Moreover, I studied cases
in which the users handled IT security sensitive technology in a secure way,
but still had unwanted experiences of security. Through the developed design
methods I was able to activate and access study participants’ prior experiences
of making sense of IT security sensitive technology. Moreover, the methods
helped clarify users’ immediate experience in an encounter with IT security
sensitive technology. The findings were integrated into the design of a digital
signature solution, and in this process I developed a framework for structuring
empirical findings for the design of IT security sensitive IT artifacts.
ForlagDepartment of Computer Science, Aarhus University
Antal sider190
StatusUdgivet - 2012

Note vedr. afhandling

Supervisor: Susanne Bødker

Se relationer på Aarhus Universitet Citationsformater


Ingen data tilgængelig

ID: 36063146