A security mechanism should not make a resource more difficult to access than if the mechanism were not present. Psychological acceptability demands a low threshold for users to use the mechanism correctly; this can conflict with the goal of higher security.

For example, administrators understand the need for strong passwords, but users generally do not. The principle of psychological acceptability therefore suggests that passwords must add only minimal overhead.

