Design for Security
C3 | Tue 22 Jan | 10:50 a.m.–11:25 a.m.
Today, the internet owns our lives. Every website and app we touch knows us: our personal information, our inane ramblings, our deepest secrets. Security has never been more crucial, yet it’s a rare topic outside of ISM teams and hackers. And through the design lens, it’s completely missing. This is a mistake. There’s a misconception that security is a niche for masterminds. In the real world, most security breaches don’t come from 0days or neat hacks. In fact, most errors are human—simple scams that have worked since society began. This is where design fills a missed opportunity. Good user experience design is necessary for good security. We can craft paths of least resistance that match paths of most security. We can educate our users on what is good practice and what is security theater. We can build secure flows that are usable, not obstructive or annoying. In this talk we'll go over four strategies that apply design thinking to security problems. We'll pinpoint which practices work and which are detrimental. And finally, we'll walk through how you can use design thinking to approach security issues in your websites, apps, and companies in a whole new way.