Security user studies: methodologies and best practices

Interest in usable security -- the research, development, and study of systems that are both usable and secure -- has been growing both in the CHI and information security communities in the past several years. Despite this interest, however, the process of designing and conducting security-related user studies remains extremely difficult. Users deal with security infrequently and irregularly, and most do not notice or care about security until it is missing or broken. Security is rarely a primary goal or task of users, making many traditional HCI evaluation techniques difficult or even impossible to use. This workshop will bring together researchers and practitioners from the HCI and information security communities to explore methodological challenges and best practices for conducting security-related user studies.