
Security vs UX: Why UX is an important factor in designing secure systems


The presentation shows why UX is an important factor in designing secure systems, the negative security impacts of not considering UX, why there is a trade-off between security and UX, and how we should approach this problem. The presentation is based on a series of elttam blog posts on Security vs. UX.

Published in: Software

Security vs UX: Why UX is an important factor in designing secure systems

  1. (slide text not extracted)
  2. BakerHostetler: Privacy and Data Protection report, 2014; Ponemon: the new leading cause of data breach report, 2015; CompTIA: survey of hundreds of US companies, 2015. All these research studies reached the same conclusions.
  3. Yes, 9 characters. ISM new requirements.
  4. 2 in 1: a sticky note + a weak password. Remote Second Factor Auth (R2FA)!
  5. Let's be professional and call him a UX factor!
  6. Feel, Usability, Look
  7. Confidentiality, Integrity, Availability
  8. Feel, Usability, Look vs. Confidentiality, Integrity, Availability
  9. More on these later.
  10. Don't ask how tall you are! Many don't have a middle name! It must be easier than remembering a password.
  11. Don't prompt the same question.
  12. This shows an empty space. There are no more pros.
  13. * http://research.google.com/pubs/pub43783.html
  14. Good UX point.
  15. e.g. SecureRandom class. At the time of writing.
  16. This shows an empty space. There are no more pros.
  17. So, reduce the attack window with a time limitation. You increase the chance of successful social engineering attacks.
  18. This is perhaps the best use case. Good UX point.
  19. Banks, please don't use it: $20,000 phone porting scam, June 2015
  20. Banks, please don't use it
  21. At the time of writing. Check the References slide.
  22. 6.4% adoption of Google 2FA* (* http://users.ics.forth.gr/~elathan/papers/eurosec15.pdf)
  23. This could be your weakest link. More on this later.
  24. Google educates users on 2FA.
  25. A bad way of educating, by LinkedIn.
  26. List the emails that users should expect from you. Also include a sample email and the type of things being requested in the email.
  27. Facebook tells users what emails not to expect.
  28. Good example by Amazon: "Don't ask for code on this device"
  29. Good example by Google: simple and clear what action to take
  30. (slide text not extracted)
  31. secure
  32. (slide text not extracted)
