Principle of psychological acceptability

From Citizendium
Revision as of 06:01, 7 October 2024 by Suggestion Bot (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
This article is a stub and thus not approved.
Main Article
Discussion
Related Articles  [?]
Bibliography  [?]
External Links  [?]
Citable Version  [?]
 
This editable Main Article is under development and subject to a disclaimer.

The principle of psychological acceptability was proposed as one of the design patterns for computer security by Jerome Saltzer and Michael Schroeder in their seminal paper The Protection of Information in Computer Systems[1]. Psychological acceptability is a the idea that the security mechanisms of a computer system should align as closely as possible to the functional expectations of system users. By providing security mechanisms that do not burden or inconvenience users, architects can achieve security without alienation users or encouraging them to find ways to avoid security mechanisms.

An example of violating the principle would be to have a software system that requires extremely complex, non-repeatable passwords and also requires the selection of a new password frequently, such as every three weeks. Invariably, some people will end of writing such passwords down on paper and taping them to their monitors.

References