course: Human Aspects of Cryptography Adoption and Use

teaching methods:
lecture with tutorials
e-learning, internet, Moodle, computer based presentation
responsible person:
Prof. Dr. Martina Angela Sasse
Dr. Leonie Schaewitz (Philosophie und Erziehungswissenschaften), M. Sc. Konstantin Fischer (ETIT), Prof. Dr. Martina Angela Sasse (ETIT)
offered in:
winter term

dates in winter term

  • start: Thursday the 29.10.2020
  • lecture Thursdays: from 10:15 to 11.45 o'clock in Online
  • tutorial Fridays: from 11:15 to 12.45 o'clock in Online


All statements pertaining to examination modalities (for the summer/winter term of 2020) are given with reservations. Changes due to new requirements from the university will be announced as soon as possible.

Date according to prior agreement with lecturer.

Form of exam:oral
Registration for exam:FlexNow


The aim of the lecture is to examine the reasons why
  1. cryptographic solutions – which experts agree offer good protection against most oft the common attacks today – are not adopted by most individuals and organisations, and
  2. end-users, developers and system administrators who do use cryptographic solutions in some form frequently make mistakes that undermine the security protection.


In 1999, Whitten & Tygar’s seminal USENIX paper "Why Johnny Can’t Encrypt" established that people cannot use PGP encryption correctly, even with a graphical user interface and instruction.

Over the past 20 years, there has been a string of Johnny papers on studies trying to encourage adoption or correct usage. The aim of this CASA lecture is to systematically examine the results of these studies and identify effective ways of promoting adoption and enable correct use of cryptography.

  • Usability, utility and technology adoption
  • Security threat models and people’s mental models
  • Complexity or simplicity – who needs to know what?
  • Designing frictionless user journeys
  • Methods for testing and tweaking



recommended knowledge

Lecture "Introduction to Usable Security and Privacy"


Lecture videos will be pre-recorded and uploaded on Tuesdays.

The Tutorial will be held live online, via Zoom on Fridays, 11am.

The number of participants is limited to 30. You have time to enroll until Oct 18, 2020 via e-mail to In the mail please state the following:

  • that you would like to participate in the course
  • the exact name of your study program, the number of semesters in this program so far, and you matriculation number
  • which courses with relevance to this lecture you have already attended (e.g. HCS + mobsec lectures, seminars, internships)

If you like, you may also add 1-2 sentences of motivation.