Talk written in partnership with Guy Podjarny
When a user opens Facebook, he wants to post a picture. When she logs into her bank, she wants to see her balance. For our users, security is not front of mind. If it gets in their way, they’re likely to look for a shortcut or skip it entirely. And yet, we consistently push security decisions to users, ranging from passwords to security warnings, usually resulting in an experience that’s neither usable nor secure.
This talk shares best practices and examples that aspire to solve the problem, and discusses how to provide a secure experience that doesn’t alienate users.
USABLE SECURITY
RESOURCES
▸ Transforming the ‘weakest link’ – a human/computer interaction approach to usable and effective security (M. A. Sasse, S. Brostoff, D. Weirich)
▸ Learning from “Shadow Security” (Iacovos Kirlappos, Simon Parkin, M. Angela Sasse)
▸ Users are not the enemy (Anne Adams, Martina Angela Sasse)
▸ Experimenting at scale with Google Chrome’s SSL Warning (Adrienne Porter Felt, Hazim Almuhimedi, Sunny Consolvo)
▸ Improving SSL Warnings: Comprehension & Adherence (Adrienne Porter Felt, Alex Ainslie, Robert W. Reeder, Sunny Consolvo, Somas Thyagaraja, Alan Bettes, Helen Harris, Jeff Grimes)
▸ The Emperor’s New Security Indicators (Stuart E. Schechter, Rachna Dhamija, Andy Ozment, Ian Fischer)