A Set of Heuristics for Usable Security and User Authentication

Currently, computer security is one of the most important tasks for supporting critical business process and protecting sensitive information. However, security problems for computer systems include vulnerabilities because they are hard to use and have poor user interfaces due to security constraints. Nowadays, finding a good trade-off between security and usability is a challenge, mainly for user authentication services. In this paper is presented a set of 153 heuristics as a tool to evaluate the grade of achievement in some applications according to security, usability and other characteristics for user authentication (e.g. performance, accessibility, operability and reliability). The main contribution of this work is to propose a possible standardization of these heuristics by formulating them in interrogative sentences to facilitate the evaluation of usable security and user authentication. Each heuristic is accompanied by comments that facilitate their evaluation.