Phishing and Usable Security


From Cryptogram: a paper by Rachna Dhamija and Doug Tygar, researchers at the University of California, Berkeley, outlines a scheme to improve the tools users have at hand to fight phishing.

They describe a couple of protocols, to be implemented by the browser and the server, which can increase the trust a user might place in the interaction with a web application.

The main point made by the article is that the challenges posed by phishing can and should be solved taking into account the usability of the solution for the user. They therefore start by putting the accent on some security properties which should be addressed by any solution to this problem (and therefore suggest a methodology to test anti-phishing approaches).
I find that these properties might have a more general application to secure software/service development.

Taking the usability of a security protocol into account makes it more effective by easing the burden on the human user (who is often the weakest link in the protocol).

A search on Google shows a good deal of information on security and usability (some interesting articles I found are here, among these the Usable Security blog).

Posted on Jul 25, 2005 · Filed under General, Security, Technology
