1. Beyond the Padlock: Security UI for the Distracted. Johnathan Nightingale, Human Shield, Mozilla Corporation
2. why are you here?
3. maybe you’re a security geek
4. or a visual designer
5. maybe you just like Firefoxen (Who doesn’t?)
6. you’re someone who cares about security UI
7. you’re someone who cares about security UI and how we can make it better
8. why am I here?
9. who am i? Human Shield
10-11. usability, security, coding
12. why do we care?
13-15. because the internet is not a safe place
16. because the threats are changing. “Technology such as cloned part-robot humans used by organised crime gangs pose the greatest future challenge to police, along with online scamming.” Australian Federal Police (AFP) Commissioner Mick Keelty
17. because most existing UI is sparse... (A padlock. We’ll come back to this.)
18. ...incomprehensible...
19. ...and maybe not too carefully designed. “Over the kitchen table, she said she could only remember four figures, so because of her, four figures became the world standard,” he laughs. John Shepherd-Barron, Inventor of the ATM, on PIN length
20. because we can do better
21. the plan
   • Security UI in 5 Easy Steps
   • The Padlock: A Cautionary Tale
   • Larry: More better
   • Thinking About the Future
   • Your turn
22. five rules for security UI
23. Be Meaningful. Use clear language and concepts. Avoid ambiguity.
24. Be Relevant. Focus on what matters to your users, not your compiler.
25. Be Robust. Don’t build user trust around indicators that can be easily subverted.
26. Be Available. Do not expect your users to notice the absence of an indicator.
27. Be Brave. Sometimes you have to make the call on your users’ behalf.
28. Meaningful, Relevant, Robust, Available, Brave. Handy Mnemonic... MRRAB?
29. applying the rules
30. the padlock
31-32. it’s ubiquitous: we’ve got one, so does microsoft, safari too, opera has 3 kinds
33-34. it’s really ubiquitous
35. but is it good UI?
36-41. Remember MRRAB. Meaningful - Not really. Relevant - Fairly. Robust - Barely. Available - Only when you don’t need it. Brave - Sure. Grade: C-
42. doing better: an identity indicator in primary chrome
43. identity. Let’s stop talking about safety, since we were never any good at that anyhow. Let’s talk about what we can know.
44. EV. There is a new breed of SSL Certificate now called “Extended Validation.” The identity information in these certificates is vetted in a standardized, robust way. Hooray. http://www.cabforum.org/
45. meet larry
46. in Firefox 3, Larry will indicate identity (* Mockups change. Don’t over-report.)
47. even on non-EV sites, Larry will be around (* Mockups change. Don’t over-report.)
48. MRRAB?
49-51. Meaningful - Identity, period. Relevant - Knowing identity matters. Robust - EV Certificates are hard to fake. Available - Larry is always around. Brave - Killing the padlock is scary stuff. Grade: A+++! ...B?
52. more to think about: Larry vs. padlock is hardly the only security UI that matters
53. malware protection
54. secondary information
55. security warnings
56. private browsing
57. even the humble location bar
58. W3C WSC - Web Security Context Working Group, http://www.w3.org/2006/WSC/ - Software Companies, Standards Bodies, Professional Organizations, Certificate Authorities, Academics
59. recommendations being considered: Safe Browsing Whitelist, Browser Lock Down, Personally Identifiable Information Bar, Page Security Scoring, Identity Indicator in Primary Chrome ☺
60. we also throw some crazier ideas around
61. can we make better use of past actions? “You’ve been to this site before” / “Nothing’s changed since the last time you were here” / “You’re sending a password to a site you’ve never visited”
62. how about social networks? “7 of your Facebook friends have purchased things from this site” / “Your grandchild who knows computers says this site is fine.” / “This site has 25 unresolved complaints according to BBB, and a reseller rating of 6.2”
63. can we stop phishing with tech smarts? Secure Remote Password Protocol / Let the browser handle password generation / Watch for credit card numbers going out on the wire
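Two of the “crazier ideas” above fit in one hook: the history-based warning of slide 61 (“You’re sending a password to a site you’ve never visited”) and the outbound credit-card watch of slide 63. The code below is an added example written for this page, not Firefox code or a Mozilla proposal. The visited-origin set, the form fields and the look-alike hostname are constructed for the demonstration, and the card-number test is only the Luhn checksum over 13 to 19 digits, so it flags candidates rather than confirmed card numbers.

```javascript
// Added example for this page (not Firefox or Mozilla code): a toy guard that
// inspects a form submission before it leaves the browser and reports
//   - a password being sent to an origin the user has never visited
//     (slide 61), and
//   - a field whose value looks like a payment card number going out
//     on the wire (slide 63).
// All inputs below (visited origins, form fields, hostnames) are constructed.

// Luhn checksum: the self-check digit scheme payment card numbers use.
// Returns true only for 13-19 digit strings whose check digit is valid.
function luhnValid(digits) {
  if (!/^\d{13,19}$/.test(digits)) return false;
  let sum = 0;
  let doubleIt = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (doubleIt) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
    doubleIt = !doubleIt;
  }
  return sum % 10 === 0;
}

// Card numbers are usually typed with spaces or dashes; strip those first.
function looksLikeCardNumber(value) {
  return luhnValid(String(value).replace(/[\s-]/g, ""));
}

// History is keyed on the origin (scheme://host[:port]), not the full URL,
// so a look-alike host counts as "never visited" while a new path on a
// known site does not.
function originOf(url) {
  return new URL(url).origin;
}

// visited: Set of origin strings the user has been to before.
// submission: { action: URL string, fields: [{ name, type, value }] }
// Returns a list of warnings; an empty list means "say nothing".
function inspectSubmission(visited, submission) {
  const target = originOf(submission.action);
  const firstVisit = !visited.has(target);
  const warnings = [];
  for (const field of submission.fields) {
    if (field.type === "password" && firstVisit) {
      warnings.push({ kind: "password-to-new-site", field: field.name, origin: target });
    }
    if (looksLikeCardNumber(field.value)) {
      warnings.push({ kind: "card-number-outbound", field: field.name, origin: target });
    }
  }
  return warnings;
}

// Constructed demo: the user has logged in at bank.example before and is now
// posting the same credentials to a look-alike host.
const demoVisited = new Set(["https://bank.example"]);
const demoSubmission = {
  action: "https://bank-example.test/login",
  fields: [
    { name: "user", type: "text", value: "alice" },
    { name: "pw", type: "password", value: "hunter2" },
  ],
};
console.log(inspectSubmission(demoVisited, demoSubmission));
```

In a real browser this would run at form-submission time, and the card check would need tightening (issuer prefixes, ignoring fields the page marks as order or account numbers) before anything is shown, because every false positive teaches the user to click through the warning.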
64. and don’t forget... It has to work for internationalization. It has to work for accessibility. It has to work for mobile.
65. bedtime reading
   • Peter Gutmann, Phishing Tips and Techniques - http://www.cs.auckland.ac.nz/~pgut001/pubs/phishing.pdf
   • Rachna Dhamija, Why Phishing Works - http://people.deas.harvard.edu/~rachna/papers/why_phishing_works.pdf
   • W3C WSC’s Shared Bookmarks - http://www.w3.org/2006/WSC/wiki/SharedBookmarks
66. your turn
67. credits
   • Security Geek - http://flickr.com/photos/oblivion/351874401/
   • Mountain Lion - http://flickr.com/photos/ekai/457004988/
   • Red Panda - http://flickr.com/photos/takenzen/184693555
   • Phishing/Malware stats - http://apwg.com/reports/apwg_report_may_2007.pdf
   • Robot Clones Quote - http://www.theage.com.au/news/national/top-cop-predicts-robot-crimewave/2007/07/06/1183351416078.html
   • Robot - http://www.sxc.hu/photo/502945
   • Shepherd-Barron on ATM Pins - http://news.bbc.co.uk/2/hi/business/6230194.stm
   • Traffic Tree - http://flickr.com/photos/oobrien/7597395/
   • Freddy the Fox - http://flickr.com/photos/roblee/207435086/
   • Squity the Goose - http://flickr.com/photos/59547396@N00/63778062
   • No Road Markings - http://flickr.com/photos/lwr/498246175/
   • Brave Kitten - http://flickr.com/photos/malingering/69853302/
   • Passport Agent (Larry) - http://www.aiga.org/content.cfm/symbol-signs
   • Footprints - http://www.sxc.hu/photo/573584
   • Paper Men - http://www.sxc.hu/photo/431214
   • No Fishing - http://www.sxc.hu/photo/791573
   • Cell Phone - http://www.sxc.hu/photo/175602
   • Microphone - http://www.sxc.hu/photo/793650
