Insufficient Psychological Acceptability

Draft Class

Structure: Simple

Description

The product has a protection mechanism that is too difficult or inconvenient to use, encouraging non-malicious users to disable or bypass the mechanism, whether by accident or on purpose.

Common Consequences 1

Scope: Access Control

Impact: Bypass Protection Mechanism

By bypassing the security mechanism, a user might leave the system in a less secure state than intended by the administrator, making it more susceptible to compromise.

Potential Mitigations 2

Phase: Testing

Where possible, perform human factors and usability studies to identify where your product's security mechanisms are difficult to use, and why.

Phase: Architecture and Design

Make the security mechanism as seamless as possible, while also providing the user with sufficient details when a security decision produces unexpected results.

Demonstrative Examples 3

In "Usability of Security: A Case Study" [REF-540], the authors consider human factors in a cryptography product. Some of the weakness relevant discoveries of this case study were: users accidentally leaked sensitive information, could not figure out how to perform some tasks, thought they were enabling a security option when they were not, and made improper trust decisions.

Enforcing complex and difficult-to-remember passwords that need to be frequently changed for access to trivial resources, e.g., to use a black-and-white printer. Complex password requirements can also cause users to store the passwords in an unsafe manner so they don't have to remember them, such as using a sticky note or saving them in an unencrypted file.

Some CAPTCHA utilities produce images that are too difficult for a human to read, causing user frustration.

References 4

The Protection of Information in Computer Systems

Jerome H. Saltzer and Michael D. Schroeder

Proceedings of the IEEE 63

09-1975

http://web.mit.edu/Saltzer/www/publications/protection/

ID: REF-196

Psychological Acceptability

Sean Barnum and Michael Gegick

15-09-2005

https://web.archive.org/web/20221104163022/https://www.cisa.gov/uscert/bsi/articles/knowledge/principles/psychological-acceptability(2023-04-07)

ID: REF-539

Usability of Security: A Case Study

J. D. Tygar and Alma Whitten

SCS Technical Report Collection, CMU-CS-98-155

15-12-1998

http://reports-archive.adm.cs.cmu.edu/anon/1998/CMU-CS-98-155.pdf

ID: REF-540

24 Deadly Sins of Software Security

Michael Howard, David LeBlanc, and John Viega

McGraw-Hill

2010

ID: REF-44

Applicable Platforms

Languages:

Not Language-Specific : Undetermined

Modes of Introduction

Architecture and Design

Related Weaknesses

ChildOf:

Violation of Secure Design Principles (CWE-657)

ChildOf:

Protection Mechanism Failure (CWE-693)

Taxonomy Mapping

ISA/IEC 62443
ISA/IEC 62443

Notes

OtherThis weakness covers many security measures causing user inconvenience, requiring effort or causing frustration, that are disproportionate to the risks or value of the protected assets, or that are perceived to be ineffective.

MaintenanceThe Taxonomy_Mappings to ISA/IEC 62443 were added in CWE 4.10, but they are still under review and might change in future CWE versions. These draft mappings were performed by members of the "Mapping CWE to 62443" subgroup of the CWE-CAPEC ICS/OT Special Interest Group (SIG), and their work is incomplete as of CWE 4.10. The mappings are included to facilitate discussion and review by the broader ICS/OT community, and they are likely to change in future CWE versions.