{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,12]],"date-time":"2026-03-12T15:32:22Z","timestamp":1773329542587,"version":"3.50.1"},"reference-count":83,"publisher":"Emerald","issue":"4","license":[{"start":{"date-parts":[[2021,4,5]],"date-time":"2021-04-05T00:00:00Z","timestamp":1617580800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ICS"],"published-print":{"date-parts":[[2021,10,26]]},"abstract":"<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Purpose<\/jats:title>\n<jats:p>For decades, literature has reported on the perceived conflict between usability and security. This mutual trade-off needs to be considered and addressed whenever security products are developed. Achieving well-balanced levels of both is a precondition for sufficient security as users tend to reject unusable solutions. To assess it correctly, usability should be evaluated in the context of security. This paper aims to identify and describe universally applicable and solution-independent factors that affect the perceived usability of security mechanisms.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Design\/methodology\/approach<\/jats:title>\n<jats:p>The selected methodology was a systematic literature review during which multiple database resources were queried. Application of predefined selection criteria led to the creation of a bibliography before backward snowballing was applied to minimize the risk of missing material of importance. All 70 included publications were then analyzed through thematic analysis.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Findings<\/jats:title>\n<jats:p>The study resulted in the identification of 14 themes and 30 associated subthemes representing aspects with reported influence on perceived usability in the context of security. While some of them were only mentioned sparsely, the most prominent and thus presumably most significant ones were: simplicity, information and support, task completion time, error rates and error management.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Originality\/value<\/jats:title>\n<jats:p>The identified novel themes can increase knowledge about factors that influence usability. This can be useful for different groups: end users may be empowered to choose appropriate solutions more consciously, developers may be able to avoid common usability pitfalls when designing new products and system administrators may benefit from a better understanding of how to configure solutions and how to educate users efficiently.<\/jats:p>\n<\/jats:sec>","DOI":"10.1108\/ics-10-2020-0167","type":"journal-article","created":{"date-parts":[[2021,4,6]],"date-time":"2021-04-06T08:18:11Z","timestamp":1617697091000},"page":"647-663","source":"Crossref","is-referenced-by-count":26,"title":["Exploring the meaning of usable security \u2013 a literature review"],"prefix":"10.1108","volume":"29","author":[{"given":"Markus","family":"Lennartsson","sequence":"first","affiliation":[]},{"given":"Joakim","family":"K\u00e4vrestad","sequence":"additional","affiliation":[]},{"given":"Marcus","family":"Nohlberg","sequence":"additional","affiliation":[]}],"member":"140","published-online":{"date-parts":[[2021,4,5]]},"reference":[{"key":"key2021102306413168800_ref001","first-page":"137","article-title":"Obstacles to the adoption of secure communication tools","volume-title":"SP 2017","year":"2017"},{"key":"key2021102306413168800_ref002","first-page":"3","article-title":"You are not your developer, either: a research agenda for usable security and privacy research beyond end users","volume-title":"SecDev 2016","year":"2016"},{"key":"key2021102306413168800_ref003","first-page":"153","article-title":"Security, privacy and usability \u2013 a survey of users\u2019 perceptions and attitudes","volume-title":"TrustBus 2015","year":"2015"},{"issue":"5","key":"key2021102306413168800_ref004","doi-asserted-by":"crossref","first-page":"519","DOI":"10.1007\/s00607-017-0546-9","article-title":"A model for evaluating the security and usability of e-banking platforms","volume":"99","year":"2017","journal-title":"Computing"},{"key":"key2021102306413168800_ref005","first-page":"149","article-title":"Usability and security analysis of the KeepKey wallet","volume-title":"ICBC 2019","year":"2019"},{"issue":"12","key":"key2021102306413168800_ref006","first-page":"1157","article-title":"A trade-off model of software requirements for balancing between security and usability issues","volume":"10","year":"2015","journal-title":"International Review on Computers and Software"},{"key":"key2021102306413168800_ref007","first-page":"1","article-title":"The trade-off between usability and security in the context of eGovernment: a mapping study","volume-title":"HCI\u201916","year":"2016"},{"key":"key2021102306413168800_ref008","first-page":"66","article-title":"Improving performance and usability in mobile keystroke dynamic biometric authentication","volume-title":"SPW 2016","year":"2016"},{"issue":"1","key":"key2021102306413168800_ref009","doi-asserted-by":"crossref","first-page":"53","DOI":"10.1108\/ICS-01-2015-0001","article-title":"A study on usability and security features of the android pattern lock screen","volume":"24","year":"2016","journal-title":"Information and Computer Security"},{"key":"key2021102306413168800_ref010","first-page":"69","article-title":"Leading Johnny to water: designing for usability and trust","volume-title":"SOUPS 2015","year":"2015"},{"issue":"3","key":"key2021102306413168800_ref011","doi-asserted-by":"crossref","first-page":"30","DOI":"10.1109\/MIC.2017.57","article-title":"Balancing security and usability in encrypted email","volume":"21","year":"2017","journal-title":"IEEE Internet Computing"},{"key":"key2021102306413168800_ref012","first-page":"113","article-title":"An inconvenient trust: user attitudes toward security and usability tradeoffs for key- directory encryption systems","volume-title":"SOUPS 2016","year":"2016"},{"key":"key2021102306413168800_ref013","first-page":"252","article-title":"Sweet- spotting security and usability for intelligent graphical authentication mechanisms","volume-title":"WI\u201817","year":"2017"},{"key":"key2021102306413168800_ref014","first-page":"85","article-title":"Maybe poor Johnny really cannot encrypt: the case for a complexity theory for usable security","volume-title":"NSPW\u201915","year":"2015"},{"key":"key2021102306413168800_ref015","first-page":"1","article-title":"Biometric authentication on iPhone and android: usability, perceptions, and influences on adoption","year":"2015"},{"issue":"3","key":"key2021102306413168800_ref016","doi-asserted-by":"crossref","first-page":"57","DOI":"10.5815\/ijcnis.2015.03.08","article-title":"Secure usable authentication using strong pass text passwords","volume":"7","year":"2015","journal-title":"International Journal of Computer Network and Information Security"},{"key":"key2021102306413168800_ref017","first-page":"1181","article-title":"Examining security and usability aspects of knowledge-based authentication methods","volume-title":"MIPRO 2019","year":"2019"},{"issue":"2","key":"key2021102306413168800_ref018","doi-asserted-by":"crossref","first-page":"77","DOI":"10.1191\/1478088706qp063oa","article-title":"Using thematic analysis in psychology","volume":"3","year":"2006","journal-title":"Qualitative Research in Psychology"},{"issue":"4","key":"key2021102306413168800_ref019","doi-asserted-by":"crossref","first-page":"571","DOI":"10.1016\/j.jss.2006.07.009","article-title":"Lessons from applying the systematic literature review process within the software engineering domain","volume":"80","year":"2007","journal-title":"Journal of Systems and Software"},{"issue":"5","key":"key2021102306413168800_ref020","doi-asserted-by":"crossref","first-page":"22","DOI":"10.1109\/MSP.2016.95","article-title":"Barriers to usable security? Three organizational case studies","volume":"14","year":"2016","journal-title":"IEEE Security and Privacy"},{"key":"key2021102306413168800_ref021","first-page":"51","article-title":"Design and security assessment of usable multi-factor authentication and single sign-on solutions for mobile applications \u2013 a workshop experience report","volume-title":"IFIP 2018","year":"2018"},{"key":"key2021102306413168800_ref022","unstructured":"Clement, J. (2019), \u201cCyber crime: number of breaches and records exposed 2005- 2018\u201d, available at: www.statista.com\/statistics\/273550\/data-breaches-recorded-in-the-united-states-by-number-of-breaches-and-records-exposed\/ (accessed 11 February 2020)."},{"key":"key2021102306413168800_ref023","unstructured":"Clement, J. (2020), \u201cWorldwide digital population as of January 2020\u201d, available at: www.statista.com\/statistics\/617136\/digital-population-worldwide\/ (accessed 11 February 2020)."},{"key":"key2021102306413168800_ref024","first-page":"1","article-title":"\u2018It\u2019s not actually that horrible\u2019: exploring adoption of two-factor authentication at a university","volume-title":"CHI\u201918","year":"2018"},{"issue":"6","key":"key2021102306413168800_ref025","doi-asserted-by":"crossref","first-page":"89","DOI":"10.1109\/MSP.2014.109","article-title":"Better together: usability and security go hand in hand","volume":"12","year":"2014","journal-title":"IEEE Security and Privacy"},{"key":"key2021102306413168800_ref026","first-page":"160","article-title":"Why Johnny doesn\u2019t use two factor a two-phase usability study of the FIDO U2F security key","volume-title":"FC 2018","year":"2018"},{"key":"key2021102306413168800_ref028","first-page":"166","article-title":"Evaluating user perception of multi-factor authentication: a systematic review","volume-title":"HAISA 2019","year":"2019"},{"key":"key2021102306413168800_ref027","first-page":"28","article-title":"A qualitative study on usability and acceptability of Yubico security key","volume-title":"STAST\u201917","year":"2018"},{"key":"key2021102306413168800_ref029","first-page":"41","article-title":"KeyPocket \u2013 improving security and usability for provider independent login architectures with mobile devices","volume-title":"SecureComm 2015","year":"2015"},{"key":"key2021102306413168800_ref030","first-page":"59","article-title":"Why do they do what they do? A study of what motivates users to (not) follow computer security advice","volume-title":"SOUPS 2016","year":"2016"},{"key":"key2021102306413168800_ref031","first-page":"1034","article-title":"User-centric security: optimization of the security-usability trade-off","volume-title":"ESEC\/FSE\u201915","year":"2015"},{"key":"key2021102306413168800_ref032","first-page":"275","article-title":"Heuristics and models for evaluating the usability of security measures","volume-title":"MuC\u201919","year":"2019"},{"key":"key2021102306413168800_ref033","first-page":"74","article-title":"A user-centered model for usable security and privacy","volume-title":"HAS 2017","year":"2017"},{"issue":"11","key":"key2021102306413168800_ref034","doi-asserted-by":"crossref","first-page":"773","DOI":"10.1007\/s11623-010-0210-4","article-title":"Usable security and privacy","volume":"34","year":"2010","journal-title":"Datenschutz Und Datensicherheit - DuD"},{"key":"key2021102306413168800_ref035","first-page":"661","article-title":"A proposal of a password manager satisfying security and usability by using the secret sharing and a personal server","volume-title":"AINA 2016","year":"2016"},{"key":"key2021102306413168800_ref036","article-title":"The usability canary in the security coal mine: a cognitive framework for evaluation and design of usable authentication solutions","volume-title":"EuroUSEC 2016","year":"2016"},{"key":"key2021102306413168800_ref037","first-page":"727","article-title":"Usable security versus secure usability: an assessment of attributes interaction","volume-title":"ICTERI 2017","year":"2017"},{"key":"key2021102306413168800_ref038","first-page":"400","article-title":"Towards advanced enterprise information systems engineering \u2013 solving resilience, security and usability issues within the paradigms of socio-technical systems","volume-title":"ICEIS 2016","year":"2016"},{"issue":"5","key":"key2021102306413168800_ref039","doi-asserted-by":"crossref","first-page":"40","DOI":"10.1109\/MSP.2016.111","article-title":"Developers are not the enemy! The need for usable security APIs","volume":"14","year":"2016","journal-title":"IEEE Security and Privacy"},{"key":"key2021102306413168800_ref040","first-page":"1","article-title":"An integrated measurement model for evaluating usability attributes","volume-title":"IPAC\u201915","year":"2015"},{"key":"key2021102306413168800_ref041","first-page":"335","article-title":"Usable-security evaluation","volume-title":"HAS 2015","year":"2015"},{"key":"key2021102306413168800_ref042","article-title":"User-centric IT security-how to design usable security mechanisms","volume-title":"arXiv preprint arXiv:1506.07167","year":"2015"},{"key":"key2021102306413168800_ref043","unstructured":"Interaction Design Foundation (2020), \u201cUser experience (UX) design\u201d, available at: www.interaction-design.org\/literature\/topics\/ux-design (accessed 27 march 2020)."},{"key":"key2021102306413168800_ref044","first-page":"99","article-title":"User perceptions of security and usability of mobile-based single password authentication and two-factor authentication","volume-title":"DPM\/CBT 2019","year":"2019"},{"key":"key2021102306413168800_ref045","unstructured":"International Standards Organization (2018), \u201cISO 9241-11:2018(en), ergonomics of human-system interaction\u201d, available at: www.iso.org\/obp\/ui\/#iso:std:iso:9241:\u221211:ed-2:v1:en (accessed 13 February 2020)."},{"key":"key2021102306413168800_ref046","first-page":"483","article-title":"Sound-proof: usable two-factor authentication based on ambient sound","volume-title":"USENIX Security\u201915","year":"2015"},{"key":"key2021102306413168800_ref047","first-page":"1","article-title":"Security and usability in knowledge-based user authentication: a review","volume-title":"PCI\u201916","year":"2016"},{"key":"key2021102306413168800_ref048","first-page":"225","article-title":"Usability and security perceptions of implicit authentication: convenient, secure, sometimes annoying","volume-title":"SOUPS 2015","year":"2015"},{"issue":"6","key":"key2021102306413168800_ref049","first-page":"2939","article-title":"Evaluation of recognition-based graphical password schemes in terms of usability and security attributes","volume":"6","year":"2016","journal-title":"International Journal of Electrical and Computer Engineering"},{"key":"key2021102306413168800_ref050","first-page":"1","article-title":"Procedures for performing systematic reviews","volume":"33","year":"2004","journal-title":"Keele University"},{"key":"key2021102306413168800_ref051","first-page":"1339","article-title":"\u2018I have no idea what I\u2019m doing\u2019 \u2013 on the usability of deploying HTTPS","volume-title":"USENIX Security\u201917","year":"2017"},{"key":"key2021102306413168800_ref052","first-page":"247","article-title":"Exploring the meaning of \u2018usable security\u2019","volume-title":"International Symposium on Human Aspects of Information Security and Assurance","year":"2020"},{"key":"key2021102306413168800_ref053","first-page":"385","article-title":"Confidante: usable encrypted email: a case study with lawyers and journalists","volume-title":"EuroS&P 2017","year":"2017"},{"key":"key2021102306413168800_ref054","first-page":"716","article-title":"A case study of usable security: usability testing of android privacy enhancing keyboard","volume-title":"WASA 2017","year":"2017"},{"key":"key2021102306413168800_ref055","first-page":"399","article-title":"Investigating the computer security practices and needs of journalists","volume-title":"USENIX Security\u201915","year":"2015"},{"issue":"3","key":"key2021102306413168800_ref056","doi-asserted-by":"crossref","first-page":"70","DOI":"10.1109\/MSP.2015.67","article-title":"Biometric authentication on mobile devices","volume":"13","year":"2015","journal-title":"IEEE Security and Privacy"},{"key":"key2021102306413168800_ref057","first-page":"527","article-title":"Usability and security of text passwords on mobile devices","volume-title":"CHI\u201916","year":"2016"},{"key":"key2021102306413168800_ref058","first-page":"373","article-title":"TMGMap: designing touch movement-based geographical password authentication on smartphones","volume-title":"ISPEC 2018","year":"2018"},{"key":"key2021102306413168800_ref059","first-page":"1","article-title":"A systematic mapping study of usability vs security","volume-title":"CEIT 2018","year":"2018"},{"key":"key2021102306413168800_ref060","first-page":"1","article-title":"Developing accessible and usable security (ACCUS) heuristics","volume-title":"CHI EA\u201918","year":"2018"},{"key":"key2021102306413168800_ref061","first-page":"314","article-title":"Interdependencies, conflicts and trade-offs between security and usability: why and how should we engineer them?","volume-title":"EWHCI 2019","year":"2019"},{"issue":"5","key":"key2021102306413168800_ref062","doi-asserted-by":"crossref","first-page":"72","DOI":"10.5815\/ijitcs.2016.05.08","article-title":"Usability and security in user interface design: a systematic literature review","volume":"8","year":"2016","journal-title":"International Journal of Information Technology and Computer Science"},{"key":"key2021102306413168800_ref063","first-page":"205","article-title":"Usability and security: a case study of emergency communication system authentication","volume-title":"EWHCI 2019","year":"2019"},{"key":"key2021102306413168800_ref064","first-page":"393","article-title":"Usability of IT-security in smart grids","volume-title":"e-Energy\u201918","year":"2018"},{"key":"key2021102306413168800_ref065","first-page":"191","article-title":"From usability to secure computing and back again","volume-title":"SOUPS 2019","year":"2019"},{"key":"key2021102306413168800_ref066","first-page":"1","article-title":"A set of heuristics for usable security and user authentication","volume-title":"Interacci\u00f3n\u201916","year":"2016"},{"key":"key2021102306413168800_ref067","first-page":"357","article-title":"A usability study of five two-factor authentication methods","volume-title":"SOUPS 2019","year":"2019"},{"key":"key2021102306413168800_ref068","first-page":"872","article-title":"A tale of two studies: the best and worst of Yubikey usability","volume-title":"SP 2018","year":"2018"},{"issue":"6","key":"key2021102306413168800_ref069","doi-asserted-by":"crossref","first-page":"72","DOI":"10.1109\/MSEC.2019.2933683","article-title":"Johnny\u2019s journey toward usable secure email","volume":"17","year":"2019","journal-title":"IEEE Security and Privacy"},{"key":"key2021102306413168800_ref073","first-page":"916","article-title":"Authentication melee: a usability analysis of seven web authentication systems","volume-title":"WWW\u201915","year":"2015"},{"key":"key2021102306413168800_ref071","first-page":"461","article-title":"Private webmail 2.0: simple and easy-to-use secure email","volume-title":"UIST\u201916","year":"2016"},{"key":"key2021102306413168800_ref072","first-page":"375","article-title":"A comparative usability study of key management in secure email","volume-title":"SOUPS 2018","year":"2018"},{"key":"key2021102306413168800_ref070","doi-asserted-by":"crossref","first-page":"4298","DOI":"10.1145\/2858036.2858400","article-title":"\u2018We\u2019re on the same page\u2019: a usability study of secure email using pairs of novice users","volume-title":"CHI '16","year":"2016"},{"issue":"3","key":"key2021102306413168800_ref074","doi-asserted-by":"crossref","first-page":"80","DOI":"10.1109\/MSP.2015.65","article-title":"Scaring and bullying people into security won\u2019t work","volume":"13","year":"2015","journal-title":"IEEE Security and Privacy"},{"key":"key2021102306413168800_ref075","first-page":"293","article-title":"Picture PassDoodle: usability study","volume-title":"BigDataService 2018","year":"2018"},{"key":"key2021102306413168800_ref076","first-page":"2903","article-title":"A spoonful of sugar? The impact of guidance and feedback on password-creation behavior","volume-title":"CHI\u201915","year":"2015"},{"key":"key2021102306413168800_ref077","doi-asserted-by":"crossref","first-page":"21","DOI":"10.1145\/2818000.2818007","article-title":"On the security and usability of crypto phones","volume-title":"ACSAC 2015","year":"2015"},{"key":"key2021102306413168800_ref078","first-page":"29","article-title":"Is that you, Alice? A usability study of the authentication ceremony of secure messaging applications","volume-title":"SOUPS 2017","year":"2017"},{"key":"key2021102306413168800_ref079","first-page":"603","article-title":"On the security and usability of segment-based visual cryptographic authentication protocols","volume-title":"CCS\u201916","year":"2016"},{"key":"key2021102306413168800_ref080","article-title":"Participatory design for security-related user interfaces","volume-title":"Proc. USEC","year":"2015"},{"key":"key2021102306413168800_ref081","first-page":"169","article-title":"Why Johnny can\u2019t encrypt: a usability evaluation of PGP 5.0","volume-title":"USENIX Security\u201999","year":"1999"},{"key":"key2021102306413168800_ref082","first-page":"38","article-title":"Guidelines for snowballing in systematic literature studies and a replication in software engineering","volume-title":"EASE\u201914","year":"2014"},{"key":"key2021102306413168800_ref083","first-page":"1","article-title":"\u2018Pretty close to a must-have\u2019: balancing usability desire and security concern in biometric adoption","volume-title":"CHI\u201919","year":"2019"}],"container-title":["Information &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-10-2020-0167\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-10-2020-0167\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:23:15Z","timestamp":1753406595000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/29\/4\/647-663\/105364"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,4,5]]},"references-count":83,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2021,4,5]]},"published-print":{"date-parts":[[2021,10,26]]}},"alternative-id":["10.1108\/ICS-10-2020-0167"],"URL":"https:\/\/doi.org\/10.1108\/ics-10-2020-0167","relation":{},"ISSN":["2056-4961","2056-4961"],"issn-type":[{"value":"2056-4961","type":"print"},{"value":"2056-4961","type":"print"}],"subject":[],"published":{"date-parts":[[2021,4,5]]}}}