Between a Rock and a Hard Place: The Bloody Intersection of Security and Usability

10:30 AM Jefferson

All users say, loudly and repeatedly, that they want to be secure in their online and computing worlds. At the same time, they refuse to lift a finger to assist that security. (“Password? Sure, how about ‘qwerty’?”) Security requirements are escalating as ever more numerous and important functions join our connected world – think Wi-Fi-connected insulin pumps. At the same time, usability requirements are escalating as ever more numerous and important functions join our connected world – think Wi-Fi-connected insulin pumps again. Unstoppable forces are slamming into immovable objects, and we're smack in the middle. What the heck do we do? As war is too important to be left to generals, so security is too important to be left to the cryptologists. Usability is an irremovable part of the security design landscape. This talk will help you understand who your users are, how they think about security, and why they think that way. We’ll look in detail at security/usability tradeoffs made by Amazon. We’ll discuss why they are appropriate for Amazon’s user base, and how they might be made differently for different user populations. We’ll conclude with suggestions for designing security for your particular user population – and strident calls for more user education aren’t one of them.