Syllabus
Intro
Good experience design and good security cannot exist without each other
We need to stop expecting people to become security experts
Shaming people is lazy
Design thinking is a problem solving tool
Consider the "secure by default" principle
Normalise security
Group similar tasks
Path of (Perceived) Least Resistance
Each false alarm reduces the credibility of a warning system.
Shadow IT is a massive vulnerability
Use security tools for security concerns
Align your goals with the end user's goals
(Mis)communication
What are you unintentionally miscommunicating?
What is their mental model of what's happening, compared to yours?
A system is secure from a given user's perspective if the set of actions that each actor can do are bounded by what the user believes it can do.
How are we already influencing users' models?
What are we teaching?
Understand end user mental models
What are your users' mental models?
One final anecdote...
Taught by
linux.conf.au