security-centered design

Posted on 01-Nov-2014


DESCRIPTION

Security is more than filtering input and escaping output (FIEO), and it’s more than cross-site scripting (XSS) and cross-site request forgeries (CSRF). Security isn’t even always black and white. In order to create a more secure user experience, we need to understand how people think. Perception is as important as reality, and meeting user expectations is a fundamental of good security. In this multifarious talk, I’ll introduce some of what I have learned about cognitive psychology, exploring topics such as change blindness and ambient signifiers, and I’ll show some real-world examples that demonstrate the profound impact human behavior can have on security.

TRANSCRIPT

SECURITY-CENTERED DESIGN

Chris Shiflett

shiflett.org – @shiflett

Tuesday, February 21, 12

STOP


STOP – Collaborate & Listen

Who am I? Web craftsman from Brooklyn, NY, working on Mapalong and Brooklyn Beta from Studiomates.


TALK OUTLINE

Psychology Fun – Ambient Signifiers, Change Blindness

Authentication & Phishing – Password Anti-Pattern, OAuth, Facebook Connect

Examples – SmugMug Privacy, Facebook Worm, Twitter Don’t Click


AMBIENT SIGNIFIERS


Tokyo Subway


Ambient Umbrella


Ambient SSL


Login Seals


CHANGE BLINDNESS


STOP


STOP – Hammertime


DERREN BROWN


PASSWORD ANTI-PATTERN

OAUTH – http://shiflett.org/blog/2010/sep/twitter-oauth

FACEBOOK CONNECT


THE WEB IS NOT OBVIOUS


OPENID – http://openid.net/

OAUTH – http://oauth.net/

OPENID & OAUTH HYBRID – http://j.mp/openidoauth

SHARED RESPONSIBILITY – http://simonwillison.net/2009/Jul/16/responsibility/

SMUGMUG PRIVACY


Pave the cow paths. Accommodate users’ expectations and tendencies; don’t try to modify them.


Be Humble


FACEBOOK WORM


TWITTER DON’T CLICK


RELATED POSTS

Security and User Experience – http://shiflett.org/blog/2008/jan/security-and-user-experience

Ambient Signifiers – http://shiflett.org/blog/2007/feb/ambient-signifiers

Facebook Worm – http://shiflett.org/blog/2008/nov/facebook-worm

Twitter Don’t Click Exploit – http://shiflett.org/blog/2009/feb/twitter-dont-click-exploit

PHOTOS

Tree – http://flickr.com/photos/stuckincustoms/529110230

Cow path – http://flickr.com/photos/suda/672714986

My backyard – http://flickr.com/photos/shiflett/3261447115

FEEDBACK?

Follow me on Twitter – @shiflett

Comment on my blog – shiflett.org

Email me – chris@shiflett.org