I went to a seminar talk on usable security today. It seems like a very interesting research area. It's essentially at the intersection of #HCI and #InformationSecurity. There's a tradeoff between being "usable" and being "secure". For example, users want their passwords to be something easy to remember, and something that doesn't take too long to type or unlock. At the same time, they don't (shouldn't) want these passwords to be easily hackable or stolen.
I never understood the 3x3 grid unlock screen on android phones (as means of security measures). They have essentially 9 possible initial states, and you can only choose neighboring nodes at each state because you have to make a continuous pattern, and the entire sequence can have 9 nodes at maximum. It looks like such a small search space for algorithmic solutions.
But what if you increase the action space? The algorithms quickly become intractable. Why not allow discrete AND continuous actions to make patterns? What if you use biometric features as well?
The seminar talk opened up so many questions. I loved it!