(A sub-section of the NoteIndex) [Maritza is drafting this section. See discussion in email. Inputs from others welcome.]

This section will list usability and security principles we will aim to conform to in our presentation recommendations. Mez has boldfaced an initial set in the SharedBookmarks.

Design Principles

This list of design principles includes ideas from the more general area of human-computer interaction as well as ideas that have been suggested specifically for designing usable security.

Characteristics of the Typical User that Affect Design

The following list includes characteristics as observed in prior user studies. The referenced user studies were conducted with a limited user group, and the data gathered may not be exactly representative of the average user; however, until a more widely deployed user study is conducted, this is the data we have available.

(Tyler: let me know if you want this in full sentences instead of bullets. If you think we should include stats from the studies I might be able to extract some numbers from the paper where applicable)

Suggested User Study to Better Identify the Typical User

[This subsection is from Michael McCormick's email. This seems like a good place for this info if we plan on including it in the note. If anyone knows of a better place for it ... ]

Given the limited amount of data available regarding the typical user's knowledge of security as it relates to the internet, it may be helpful to conduct a user study with a larger and more diverse participant pool with the following objectives: