Design for Security, presented at BSides Wellington 2017

by Serena Chen

Summary: This is BSides, so you already know how crucial security is. Yet it's a rare topic outside of conferences and circles such as these.
There's a misconception — perpetuated by green lines of incomprehensible code in movies — that security is a niche for masterminds. But in the real world, most security breaches don't come from 0days or convoluted hacks. In fact, most errors are human. Simple scams that have worked since the internet began.
There's a massive missed opportunity here. What if designers and security experts teamed up? What if we approached security problems with a design perspective?
Good user experience design is necessary for good security. We can craft paths of least resistance that match paths of most security. We can educate our users on what is good practice and what is security theatre. We can design secure flows that are usable, not obstructive or annoying.
In this talk, we'll walk through secure design principles. We'll cover perceived security: how we can make our users feel safer as well as be safer. And to round it off, we'll walk through some common flows, and dissect how approaching security problems from a different perspective can offer interesting (and sometimes simple) solutions.