Design for Security

Explore strategies for integrating security considerations into user experience design in this 43-minute conference talk from linux.conf.au. Learn how to craft secure, user-friendly paths, educate users on good security practices, and build secure flows that are usable rather than obstructive. Discover four key strategies applying design thinking to security problems, identify effective practices, and gain insights on approaching security issues in websites, apps, and companies from a fresh perspective. Understand the importance of aligning security goals with user goals, normalizing security measures, and considering user mental models to create more secure and intuitive digital experiences.

Intro
Good experience design and good security cannot exist without each other
We need to stop expecting people to become security experts
Shaming people is lazy
Design thinking is a problem solving tool
Consider the "secure by default" principle
Normalise security
Group similar tasks
Path of (Perceived) Least Resistance
Each false alarm reduces the credibility of a warning system.
Shadow It is a massive vulnerability
Use security tools for security concerns
Align your goals with the end user's goals
(Mis)communication
What are you unintentionally miscommunicating?
What is their mental model of what's happening, compared to yours?
A system is secure from a given user's perspective if the set of actions that each actor can do are bounded by what the user believes it can do.
How are we already influencing users' models?
What are we teaching?
Understand end user mental models
What are your users' mental models?
One final anecdote...