security vs. ux
TRANSCRIPT
Security vs UX Deathmatch
@ccollingridge @Avecto @nuxuk
Security is human
We’re not making good design decisions
We can do better
Kamyar Adl
Troy Tolley
Mike Photo Art
Jenn Durfey
Chaoyue超越 PAN 潘
Surian Soosay
Alexandra Bolzer
Security is human
We’re not making good design decisions
We can do better
Steve Way
Overloading memory
Jason Kottke
Nihilistic password security questions (by Soheil Rezayazdi)
What is the name of your least favorite child?
In what year did you abandon your dreams?
What is the maiden name of your father’s mistress?
At what age did your childhood pet run away?
In what city did you first experience ennui?
What is your ex-wife’s newest last name?
What sports team do you fetishize to avoid meaningful discussion with others?
What is the name of your favorite canceled TV show?
What was the middle name of your first rebound?
On what street did you lose your childlike sense of wonder?
Technically driven barriers
Troy Hunt
Relying on users making good decisions
Alec Meer
Amanda French
MyOnlineSecurity
Not promoting good practice
Security is human
We’re not making good design decisions
We can do better
Bill Boaden
@Elgarfrombeyond
Encourage two-factor
Stand on the shoulders of giants
Start thinking about biometrics
Encourage passphrases
Password-less login
“Regular password changing harms rather than improves security, so avoid placing this burden on users. However, users must change their passwords on indication or suspicion of compromise.”
Don’t break password managers
Set safe defaults; be proactive
Create secure-by-design places
Security is not an inconvenience, but a human need
Good security serves your user, your organisation, and the wider world
You can design for better security and less friction
Joachim S. Müller
Security vs UX Deathmatch Romance
Be the love you want to feel