Aug 18, 2015

Why Johnny Can't Encrypt: Doug Tygar's Landmark Paper Stands the Test of Time

School of Information professor Doug Tygar was awarded the 2015 USENIX Security “Test of Time” Award for his landmark 1999 paper “Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0.” The award recognizes outstanding work in security research that has had a lasting impact on the community.

The paper, co-authored with Alma Whitten, then a visiting researcher at the School of Information, analyzed the importance of user interface and user experience design for the success of computer security applications.

“Security mechanisms are only effective when used correctly,” wrote Whitten and Tygar in 1999. “User errors cause or contribute to most computer security failures, yet user interfaces for security still tend to be clumsy, confusing, or near-nonexistent.”

The paper was one of the first to address the importance of user interfaces for security; sixteen years later, user experience problems remain one of the leading barriers to effective computer security, and Tygar and Whitten’s paper remains a cogent analysis of those challenges.

Doug Tygar is a professor of computer science and information management at UC Berkeley; he works in the areas of computer security, privacy, and electronic commerce. His current research includes privacy, security issues in sensor webs, digital rights management, and usable computer security. He has written three books, designed cryptographic postage standards for the US Postal Service, and helped build a number of security and electronic commerce systems including Strongbox, Dyad, Netbill, and Micro-Tesla.

The USENIX Security Test of Time Award was presented August 12 at the USENIX Security Symposium in Washington, D.C.


Alma Whitten and J. D. Tygar. “Why Johnny can't encrypt: a usability evaluation of PGP 5.0”. In Proceedings of the 8th conference on USENIX Security Symposium - Volume 8 (SSYM'99), USENIX Association, Berkeley, CA, USA, p. 14. 1999.
Doug Tygar
Doug Tygar

Last updated:

October 4, 2016