Post on 13-Apr-2017
transcript
Security vs UX Deathmatch
@ccollingridge@Avecto@nuxuk
Security is human
We’re not making good design decisions
We can do better
Security is human
We’re not making good design decisions
We can do better
Security is human
We’re not making good design decisions
We can do better
Overloading memory
Nihilistic password security questions (by Soheil Rezayazdi)
What is the name of your least favorite child?
In what year did you abandon your dreams?
What is the maiden name of your father’s mistress?
At what age did your childhood pet run away?
In what city did you first experience ennui?
What is your ex-wife’s newest last name?
What sports team do you fetishize to avoid meaningful discussion with others?
What is the name of your favorite canceled TV show?
What was the middle name of your first rebound?
On what street did you lose your childlike sense of wonder?
Technically driven barriers
Relying on users making good decisions
MyOnlineSecurity
Not promoting good practice
Security is human
We’re not making good design decisions
We can do better
Encourage
two-factor
Stand on the
shoulders of giants
Start thinking about biometrics
Encourage passphrases
Password-less login
“Regular password changing harms rather than improves
security, so avoid placing this burden on users. However,
users must change their passwords on indication or
suspicion of compromise.”
Don’t break
password managers
Set safe
defaults; be
proactive
Create secure-by-design places
Security is not an inconvenience, but a human need
Good security serves your user, your organisation, and the wider world
You can design for better security and less friction
Joachim S. Müller
Security vs UX DeathmatchRomanceBe the love you want to feel
@ccollingridge
@Avecto
@nuxuk