Security experts frequently refer to people as “the weakest link in the chain” of system
security. Famed hacker Kevin Mitnick revealed that he hardly ever cracked a password,
because it “was easier to dupe people into revealing it” by employing a range of social
engineering techniques. Often, such failures are attributed to users’ carelessness and
ignorance. However, more enlightened researchers have pointed out that current security
tools are simply too complex for many users, and they have made efforts to improve
user interfaces to security tools. In this chapter, we aim to broaden the current perspective,
focusing on the usability of security tools (or products) and the process of designing
secure systems for the real-world context (the panorama) in which they have to operate.
Here we demonstrate how current human factors knowledge and user-centered design
principles can help security designers produce security solutions that are effective in practice.