Forskningsradar
← Tech & AI
Tech & AI 4.3

Security systems fail because they're too annoying to use, study finds

A comprehensive review of a decade of research reveals that cybersecurity tools sacrifice usability for protection, causing workers to resent and circumvent security measures. The finding matters: companies lose both security and productivity when employees find systems too frustrating to follow, indicating a need to redesign defenses around actual user behavior.

Originaltitel: Annoyed by cybersecurity? Human-centric perspectives on cybersecurity

TL;DR — på svenska

Försämrad användarupplevelse undergräver säkerhetsinvesteringar. Forskare vid Luleå tekniska universitet analyserade tioårig forskning på human-centric cybersecurity och kartlade vad som gjör säkerhetssystem frustrerande att använda. Frekvent lösenordsåterställning och multifaktorautentisering uppfattas som mest opraktiska (33,3 respektive 26,7 procent av respondenterna). Biometrisk inloggning, single sign-on och automatiska säkerhetsuppdateringar rankas istället som användarvänskligt. Studien baseras på systematisk litteraturöversyn enligt PRISMA från 2015–2025 och egen enkät. Resultaten visar att båda-och-strategier — högt säkerhetsvärde utan användarfriction — finns dokumenterade inom utbildning, hälsa, offentlig förvaltning och mjukvara. För IT-ledare innebär detta att konfigurering av autentiseringsflöden påverkar organisatorisk cybersecurity-mognad mer än tekniska kontroller ensamt. Val av leverantörer bör väga användaracceptans tillsammans med hotmodeller.

Abstrakt

<p>Humans play a vital role in designing, developing, implementing, and using technical systems. For this reason, it is crucial to keep humans in the loop at each phase of these systems to make them more secure and user-friendly. There needs to be a balance between using these systems securely and making them easy to use. Today, under pressure to secure our systems from cyberattacks, we primarily focus on making them secure but often overlook making them easy to use. Thus, the objective of this paper is to provide a human-centric perspective on cybersecurity and to introduce a human-centric framework that enables Industry 5.0, where humans have direct interaction with systems and solutions that are more customer-oriented. To carry out this research, the authors have applied the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) guidelines to investigate human-centric research over a 10-year period, from 2015 to 2025. The literature shows that most human-centric research contributions are well-balanced, with conceptual, experimental, and survey approaches each accounting for approximately 64% of the total, indicating a mature blend of theoretical and applied research. These studies are focused on developing structured, strategic approaches that integrate human factors into cybersecurity practices across sectors such as education, government, health, software, smart home networks, and others. To conduct this research, the authors have prepared an anonymous questionnaire with fundamental questions about secure system’s design, which can be easily used. The evaluation results show that frequent password resets (33.3%) and frequent authentication (26.7%) are the most “annoying” cybersecurity measures. Additionally, most respondents consider biometric login the most user-friendly security feature, followed by single sign-on and automatic security patch updates. What is missing in existing literature and studies is a holistic perspective on human-centrism, beyond mere ease of use. We aim to cover that blind spot by introducing our independently developed framework in this paper.</p>

Generera ett redaktionellt utkast på svenska