Usable Security Tasks

1. Critique usability of a website or a security tool. Students can be shown videos of user testing to get an idea of what to look for. (this can be easily incorporated with other labs, e.g. PGP, S-Tools (steganography), Zenmap etc.
2. Try to ascertain usability of fingerprint based biometric systems (security, usability) by trying out different values of threshold.
3. Come up with a usable secure password policy (or any other security policy) analyzing from three perspectives: Defense, Offense and Use.
4. Come up with cognitive questions that are both secure and usable. You can also give examples of unsecure questions: what color is the sky (only two common answers) and non-usable questions (what was your February account balance?).
5. Assess the usability of Windows Access Control. How usable it is set a given access control policy?
6. Come up with usable access control policy for a given application scenario thinking from three perspectives.
7. Develop written policies for protecting your employees from phishing.
8. What technical safeguards, programs, and processes could you put in place to defend against social engineering in your family? Write a security policy to protect your family members from social engineering.
9. Understanding users' mental model: try to find out what makes your friend trusts a website.
10. How easy it is to verify the authenticity of a website by verifying its certificate? What can be done to improve the usable security?
11. How easy is to set the privacy settings on your web browser? What improvements can you suggest?
12. Design a usable login interface that helps users set a secure password by giving realtime feedback on the strength of password. (Design techniques such as parallel design, participatory design, etc. can be applied).

Top