SlideShare a Scribd company logo

Secure the experience, experience security

Download as PPTX, PDF
Ran Liron
Ran Liron

Cyberspace is a scary landscape, and it is becoming scarier each day. While people stay (mostly) the same, the technology keeps evolving. In this talk we’ll discuss this challenge - How can we utilize effective UX design to provide a safer online environment? What can we do to make people feel secure? Which techniques enhance online security, and which common practices are ineffective and should be discarded?

Technology
1 of 47
Secure the Experience, Experience Security Debunking Cyber-Security Myths From: UX @ Cyber Security meetup #1
Ran Liron Head of UX at CYBERARK And also…  UX Mentor @Google Launchpad  UX Program Lead @ The Technicon, Continuing Education Division Uxing for more then 20 years 2
Protecting Computer Systems from theft and damage Person's emotions and attitudes about using a particular product, system or service Cyber Security UX
Protecting Computer Systems from theft and damage Person's emotions and attitudes about using a particular product, system or service Cyber Security UX
Protecting Computer Systems from theft and damage Person's emotions and attitudes about using a particular product, system or service Cyber Security UX Protecting People (and computers) from theft, damage and distress
6 Data (mainly): Resources Regular Joe perspective Michael Mcintyre -
Virus, Malware, Spyware, Ransomware, Identity theft, Worms, Trojan horses, Heartbleed, Golden Ticket, Pass-the-Hash… Cyber Security: The Risks 7
So….what do the Security Experts Recommend? 8
231 security experts Where asked: The Result: 152 Security Advice… Security Experts Recommendations “What are the top three pieces of advice you’ll give to a non-techsavvy user”? Google research: 152 Simple Steps to Stay Safe Online: Security Advice for Non-Tech-Savvy Users
Password matters Advice #2: “Use unique passwords” Advice #3: “Use strong passwords” Security Experts Recommendations Google research: 152 Simple Steps to Stay Safe Online: Security Advice for Non-Tech-Savvy Users
At least:  8 characters.  1 lowercase  1 Uppercase letter.  1 special character (!@#$%^&*)  1 number (0–9) Common Password’s requirements 12
Common password display method: The problem: - Requiring strange, meaningless yet complex string - The user never sees the password So…. Very hard to remember. Defensive Tools: Password 13 ********
So what do users do? 14 They get… creative
keystroke strings 12345678 7777777 666666 password zxcvbnm 1q2w3e4r qwerty Pw123456 … 15
Keeping it somewhere “safe” 16
Keeping it somewhere “safe” 17
Keeping it somewhere “safe” 18 Or simply using the same password all over the net… 
Password Alternative Use password management Tools Accept it The solution? 19
Security Questions? 20
Only you know your own history  You don’t have to memorize it  Users will answer truthfully If only we were … Security Questions: The Assumptions 21
only you know your own history? Security Questions: The Reality Nope 22
Security Questions: The Reality 37% admitted to providing fake answers, in an attempt to make them "harder to guess" 40% of our English-speaking US users were unable to recall their answers Google research – “Secrets, Lies, and Account Recovery: Lessons from the use of personal knowledge questions at google”
-24-
Security Questions Are Bad, Bad Practice! 25
What About CAPTCHA? 26
27 Last week, I tried to login to Microsoft’s App-store…
28 Acceptable alternative
The Experience of Setting a Password 29
Setting a Password: The Experience Michael Mcintyre – Comedy Gala 30 See - Link
Setting a password: Instructing the user Set Password: Confirm Password: ******* Need to include upper-case letter! 31
Setting a password: Instructing the user Set Password: Confirm Password: ******* Need to include at least 8 characters! 32
33 Last week, I tried to login to Microsot’s Appstore…
Don’t torment your users - Display all of the password requirements together 34
Password criteria:  Start with a letter  Include upper-case letter  Include lower-case letter  Include special Character (!@#$...)  Include number  at least 8 characters Setting a password: Instructing the user Set Password: Confirm Password: ******* ******** Password criteria: ✘ Start with a letter ✘ Include upper-case letter ✘ Include lower-case letter ✘ Include special Character (!@#$...) ✘ Include number ✘ at least 8 characters Nope! Password criteria: ✘ Start with a letter ✔ Include upper-case letter ✔ Include lower-case letter ✘ Include special Character (!@#$...) ✘ Include number ✔ at least 8 characters Password criteria: ✘ Start with a letter ✔ Include upper-case letter ✔ Include lower-case letter ✔ Include special Character (!@#$...) ✔ Include number ✔ at least 8 characters Password criteria: ✔ Start with a letter ✔ Include upper-case letter ✔ Include lower-case letter ✔ Include special Character (!@#$...) ✔ Include number ✔ at least 8 characters ************************ 35
A way to create passwords that is both secured And easy to remember And has almost no requirements… If only there was… 36
Try to remember this: Now try this: There is a way! 37 ******** **********************
Try to remember this: Now try this: There is a way! 38 ******** I love my fluffy bunny
Why passphrase is better then password? Set Password: *********************** We recommend to use a meaningful phrase. You may use any character, include spaces. Minimum 20 characters total. For example: “I love my fluffy bunny”. This is nice and simple 39
Why Passphrase is Better Then Password? Longer = More secured Easier to remember = More convenient AND more secured 40
Security experts Recommendations 41
Recommendation #1: “Keep systems and software up to date” So – encourage your users to update Security Experts Recommendations 42
Encourage your user to update -43-
Conclusion 44
Drive effective user behavior to increase security: 1. Don’t use security questions, nor CAPTCHA 2. Display all the password requirements together 3. Allow users to see their passwords 4. Promote using passphrases instead of password 5. Encourage users to keep their software up-to-date Takeaways
-46- How Are You Going To Improve Your Users’ Security?
 Google research:  152 Simple Steps to Stay Safe Online: Security Advice for Non-Tech-Savvy Users  Secrets, Lies, and Account Recovery: Lessons from the Use of Personal Knowledge Questions at Google  Are you a robot? Introducing “No CAPTCHA reCAPTCHA”  mozilla's blog: Exploring the Emotions of Security, Privacy and Identity  SogetiLabs Blog: UX & Security, Part 2: Account Registration  I’m not a human: Breaking the Google reCAPTCHA  Michael Mcintyr: Comedy Gala  Reference 47

Recommended

Design systems Implementation
Design systems Implementation Design systems Implementation
Design systems Implementation Ran Liron
 
UX @ Agile - Myths, Legends and the path to success
UX @ Agile - Myths, Legends and the path to successUX @ Agile - Myths, Legends and the path to success
UX @ Agile - Myths, Legends and the path to successRan Liron
 
Secure the experience, experience security
Secure the experience, experience security Secure the experience, experience security
Secure the experience, experience security Ran Liron
 
UX - תפיסות שגויות וממשקים שמישים
UX - תפיסות שגויות וממשקים שמישיםUX - תפיסות שגויות וממשקים שמישים
UX - תפיסות שגויות וממשקים שמישיםRan Liron
 
About UX Consistency
About UX Consistency About UX Consistency
About UX Consistency Ran Liron
 
User story driven product development process
User story driven product development processUser story driven product development process
User story driven product development processRan Liron
 
מיצוב תחום חווית המשתמש בארגוני מוצר
מיצוב תחום חווית המשתמש בארגוני מוצרמיצוב תחום חווית המשתמש בארגוני מוצר
מיצוב תחום חווית המשתמש בארגוני מוצרRan Liron
 
Introduction to UX
Introduction to UXIntroduction to UX
Introduction to UXRan Liron
 

Recommended

Design systems Implementation
Design systems Implementation Design systems Implementation
Design systems Implementation Ran Liron
 
UX @ Agile - Myths, Legends and the path to success
UX @ Agile - Myths, Legends and the path to successUX @ Agile - Myths, Legends and the path to success
UX @ Agile - Myths, Legends and the path to successRan Liron
 
Secure the experience, experience security
Secure the experience, experience security Secure the experience, experience security
Secure the experience, experience security Ran Liron
 
UX - תפיסות שגויות וממשקים שמישים
UX - תפיסות שגויות וממשקים שמישיםUX - תפיסות שגויות וממשקים שמישים
UX - תפיסות שגויות וממשקים שמישיםRan Liron
 
About UX Consistency
About UX Consistency About UX Consistency
About UX Consistency Ran Liron
 
User story driven product development process
User story driven product development processUser story driven product development process
User story driven product development processRan Liron
 
מיצוב תחום חווית המשתמש בארגוני מוצר
מיצוב תחום חווית המשתמש בארגוני מוצרמיצוב תחום חווית המשתמש בארגוני מוצר
מיצוב תחום חווית המשתמש בארגוני מוצרRan Liron
 
Introduction to UX
Introduction to UXIntroduction to UX
Introduction to UXRan Liron
 
UX Innovation
UX Innovation UX Innovation
UX Innovation Ran Liron
 
UX @ agile - myths, legends and the path to success
UX @ agile - myths, legends and the path to successUX @ agile - myths, legends and the path to success
UX @ agile - myths, legends and the path to successRan Liron
 
UX @ NICE enterprise
UX @ NICE enterpriseUX @ NICE enterprise
UX @ NICE enterpriseRan Liron
 
Prototyping for effective UX
Prototyping for effective UXPrototyping for effective UX
Prototyping for effective UXRan Liron
 
Prototyping mistakes (hebrew)
Prototyping mistakes (hebrew)Prototyping mistakes (hebrew)
Prototyping mistakes (hebrew)Ran Liron
 
UX misconceptions
UX misconceptionsUX misconceptions
UX misconceptionsRan Liron
 
ממשק - בדיקות מומחה
ממשק - בדיקות מומחהממשק - בדיקות מומחה
ממשק - בדיקות מומחהRan Liron
 
Prototyping Tools Hebrew
Prototyping Tools HebrewPrototyping Tools Hebrew
Prototyping Tools HebrewRan Liron
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 

More Related Content

More from Ran Liron

UX Innovation
UX Innovation UX Innovation
UX Innovation Ran Liron
 
UX @ agile - myths, legends and the path to success
UX @ agile - myths, legends and the path to successUX @ agile - myths, legends and the path to success
UX @ agile - myths, legends and the path to successRan Liron
 
UX @ NICE enterprise
UX @ NICE enterpriseUX @ NICE enterprise
UX @ NICE enterpriseRan Liron
 
Prototyping for effective UX
Prototyping for effective UXPrototyping for effective UX
Prototyping for effective UXRan Liron
 
Prototyping mistakes (hebrew)
Prototyping mistakes (hebrew)Prototyping mistakes (hebrew)
Prototyping mistakes (hebrew)Ran Liron
 
UX misconceptions
UX misconceptionsUX misconceptions
UX misconceptionsRan Liron
 
ממשק - בדיקות מומחה
ממשק - בדיקות מומחהממשק - בדיקות מומחה
ממשק - בדיקות מומחהRan Liron
 
Prototyping Tools Hebrew
Prototyping Tools HebrewPrototyping Tools Hebrew
Prototyping Tools HebrewRan Liron
 

More from Ran Liron (8)

UX Innovation
UX Innovation UX Innovation
UX Innovation
 
UX @ agile - myths, legends and the path to success
UX @ agile - myths, legends and the path to successUX @ agile - myths, legends and the path to success
UX @ agile - myths, legends and the path to success
 
UX @ NICE enterprise
UX @ NICE enterpriseUX @ NICE enterprise
UX @ NICE enterprise
 
Prototyping for effective UX
Prototyping for effective UXPrototyping for effective UX
Prototyping for effective UX
 
Prototyping mistakes (hebrew)
Prototyping mistakes (hebrew)Prototyping mistakes (hebrew)
Prototyping mistakes (hebrew)
 
UX misconceptions
UX misconceptionsUX misconceptions
UX misconceptions
 
ממשק - בדיקות מומחה
ממשק - בדיקות מומחהממשק - בדיקות מומחה
ממשק - בדיקות מומחה
 
Prototyping Tools Hebrew
Prototyping Tools HebrewPrototyping Tools Hebrew
Prototyping Tools Hebrew
 

Recently uploaded

Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 

Recently uploaded (20)

Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 

Secure the experience, experience security

  • 1. Secure the Experience, Experience Security Debunking Cyber-Security Myths From: UX @ Cyber Security meetup #1
  • 2. Ran Liron Head of UX at CYBERARK And also…  UX Mentor @Google Launchpad  UX Program Lead @ The Technicon, Continuing Education Division Uxing for more then 20 years 2
  • 3. Protecting Computer Systems from theft and damage Person's emotions and attitudes about using a particular product, system or service Cyber Security UX
  • 4. Protecting Computer Systems from theft and damage Person's emotions and attitudes about using a particular product, system or service Cyber Security UX
  • 5. Protecting Computer Systems from theft and damage Person's emotions and attitudes about using a particular product, system or service Cyber Security UX Protecting People (and computers) from theft, damage and distress
  • 6. 6 Data (mainly): Resources Regular Joe perspective Michael Mcintyre -
  • 7. Virus, Malware, Spyware, Ransomware, Identity theft, Worms, Trojan horses, Heartbleed, Golden Ticket, Pass-the-Hash… Cyber Security: The Risks 7
  • 8. So….what do the Security Experts Recommend? 8
  • 9. 231 security experts Where asked: The Result: 152 Security Advice… Security Experts Recommendations “What are the top three pieces of advice you’ll give to a non-techsavvy user”? Google research: 152 Simple Steps to Stay Safe Online: Security Advice for Non-Tech-Savvy Users
  • 10. Password matters Advice #2: “Use unique passwords” Advice #3: “Use strong passwords” Security Experts Recommendations Google research: 152 Simple Steps to Stay Safe Online: Security Advice for Non-Tech-Savvy Users
  • 11.
  • 12. At least:  8 characters.  1 lowercase  1 Uppercase letter.  1 special character (!@#$%^&*)  1 number (0–9) Common Password’s requirements 12
  • 13. Common password display method: The problem: - Requiring strange, meaningless yet complex string - The user never sees the password So…. Very hard to remember. Defensive Tools: Password 13 ********
  • 14. So what do users do? 14 They get… creative
  • 16. Keeping it somewhere “safe” 16
  • 17. Keeping it somewhere “safe” 17
  • 18. Keeping it somewhere “safe” 18 Or simply using the same password all over the net… 
  • 21. Only you know your own history  You don’t have to memorize it  Users will answer truthfully If only we were … Security Questions: The Assumptions 21
  • 22. only you know your own history? Security Questions: The Reality Nope 22
  • 23. Security Questions: The Reality 37% admitted to providing fake answers, in an attempt to make them "harder to guess" 40% of our English-speaking US users were unable to recall their answers Google research – “Secrets, Lies, and Account Recovery: Lessons from the use of personal knowledge questions at google”
  • 24. -24-
  • 25. Security Questions Are Bad, Bad Practice! 25
  • 27. 27 Last week, I tried to login to Microsoft’s App-store…
  • 29. The Experience of Setting a Password 29
  • 30. Setting a Password: The Experience Michael Mcintyre – Comedy Gala 30 See - Link
  • 31. Setting a password: Instructing the user Set Password: Confirm Password: ******* Need to include upper-case letter! 31
  • 32. Setting a password: Instructing the user Set Password: Confirm Password: ******* Need to include at least 8 characters! 32
  • 33. 33 Last week, I tried to login to Microsot’s Appstore…
  • 34. Don’t torment your users - Display all of the password requirements together 34
  • 35. Password criteria:  Start with a letter  Include upper-case letter  Include lower-case letter  Include special Character (!@#$...)  Include number  at least 8 characters Setting a password: Instructing the user Set Password: Confirm Password: ******* ******** Password criteria: ✘ Start with a letter ✘ Include upper-case letter ✘ Include lower-case letter ✘ Include special Character (!@#$...) ✘ Include number ✘ at least 8 characters Nope! Password criteria: ✘ Start with a letter ✔ Include upper-case letter ✔ Include lower-case letter ✘ Include special Character (!@#$...) ✘ Include number ✔ at least 8 characters Password criteria: ✘ Start with a letter ✔ Include upper-case letter ✔ Include lower-case letter ✔ Include special Character (!@#$...) ✔ Include number ✔ at least 8 characters Password criteria: ✔ Start with a letter ✔ Include upper-case letter ✔ Include lower-case letter ✔ Include special Character (!@#$...) ✔ Include number ✔ at least 8 characters ************************ 35
  • 36. A way to create passwords that is both secured And easy to remember And has almost no requirements… If only there was… 36
  • 37. Try to remember this: Now try this: There is a way! 37 ******** **********************
  • 38. Try to remember this: Now try this: There is a way! 38 ******** I love my fluffy bunny
  • 39. Why passphrase is better then password? Set Password: *********************** We recommend to use a meaningful phrase. You may use any character, include spaces. Minimum 20 characters total. For example: “I love my fluffy bunny”. This is nice and simple 39
  • 40. Why Passphrase is Better Then Password? Longer = More secured Easier to remember = More convenient AND more secured 40
  • 42. Recommendation #1: “Keep systems and software up to date” So – encourage your users to update Security Experts Recommendations 42
  • 43. Encourage your user to update -43-
  • 45. Drive effective user behavior to increase security: 1. Don’t use security questions, nor CAPTCHA 2. Display all the password requirements together 3. Allow users to see their passwords 4. Promote using passphrases instead of password 5. Encourage users to keep their software up-to-date Takeaways
  • 46. -46- How Are You Going To Improve Your Users’ Security?
  • 47.  Google research:  152 Simple Steps to Stay Safe Online: Security Advice for Non-Tech-Savvy Users  Secrets, Lies, and Account Recovery: Lessons from the Use of Personal Knowledge Questions at Google  Are you a robot? Introducing “No CAPTCHA reCAPTCHA”  mozilla's blog: Exploring the Emotions of Security, Privacy and Identity  SogetiLabs Blog: UX & Security, Part 2: Account Registration  I’m not a human: Breaking the Google reCAPTCHA  Michael Mcintyr: Comedy Gala  Reference 47

Editor's Notes

  1. https://picjumbo.com/creepy-man-without-a-face-in-a-hoodie/