UX for Security: Power of Design Ame Elliott @ameellio #oreillydesign January 22, 2016


Page 1: UX for Security: Power of Design

UX for Security: Power of Design

Ame Elliott @ameellio #oreillydesign

January 22, 2016

Page 2: UX for Security: Power of Design

I’m Ame Elliott from Simply Secure @ameellio

Hello.

Page 3: UX for Security: Power of Design

DESIGNERS DEVELOPERS RESEARCHERS USERS

Page 4: UX for Security: Power of Design

Security’s got to be easy and intuitive or it won’t work

Page 5: UX for Security: Power of Design

Everyone should be able to communicate securely and privately

Page 6: UX for Security: Power of Design

Everyone should be able to communicate securely and privately

Page 7: UX for Security: Power of Design

Everyone should be able to communicate securely and privately

Page 8: UX for Security: Power of Design

Everyone should be able to communicate securely and privately

Page 9: UX for Security: Power of Design

UX for Security: The Power of Design

Introduction

Why Privacy Matters

Building Better Basics

Exploring New Frontiers

Conclusion

@ameellio #oreillydesign

Page 10: UX for Security: Power of Design

Your online behavior is monitored

Image: Kajart Studio’s Tor Browser explanation http://www.kajart.com/portfolio/tor-project-educational-animation-english/

Page 11: UX for Security: Power of Design

Combined with your offline movements and activities, your behavior is tracked

Image: Kajart Studio’s Tor Browser explanation http://www.kajart.com/portfolio/tor-project-educational-animation-english/

Page 12: UX for Security: Power of Design

Corporations and governments watch our behavior

http://www.kajart.com/portfolio/tor-project-educational-animation-english/

Page 13: UX for Security: Power of Design

Adults “agree” or “strongly agree” that we should be concerned about the government’s monitoring of phone calls and internet communications.

http://www.pewinternet.org/2014/11/12/public-privacy-perceptions/

Adults “agree” or “strongly agree” that consumers have lost control over how personal information is collected and used by companies

91% 80%

Page 14: UX for Security: Power of Design

Mike Monteiro, “How Designers Destroyed the World” by Webstock ‘13

https://vimeo.com/68470326

Page 15: UX for Security: Power of Design

80 million people affected by the Anthem hack, 10s of millions of children

http://www.nbcnews.com/business/personal-finance/millions-children-exposed-id-theft-through-anthem-breach-n308116

After a data breach, people have longer lifespans than identity theft companies

Page 16: UX for Security: Power of Design

https://www.schneier.com/blog/archives/2015/02/samsung_televis.html

http://motherboard.vice.com/read/looking-up-symptoms-online-these-companies-are-collecting-your-data

http://www.theregister.co.uk/2015/10/19/bods_brew_ikettle_20_hack_plot_vulnerable_london_pots/

Just don’t talk in front of your TV, look up health info, or drink tea

Page 17: UX for Security: Power of Design

Let’s make the internet better

Page 18: UX for Security: Power of Design

[Diagram: Figure 9 - Four Bridged PKIs]

You don’t need to be a cryptographer to work in security

Page 19: UX for Security: Power of Design

You do need to be human-centered & empathetic

Page 20: UX for Security: Power of Design

https://www.flickr.com/photos/christopherbrown/10135180454

Be a systems thinker, finding the gaps in service design

Page 21: UX for Security: Power of Design

The key UX challenge for privacy & security is appropriate complexity

Page 22: UX for Security: Power of Design

PGP Keys: https://www.usenix.org/legacy/events/sec99/full_papers/whitten/whitten_html/pgp5.gif

Enigmail images: https://www.enigmail.net/documentation/keyman.php

PGP email encryption exposes complexity

Page 23: UX for Security: Power of Design

https://itunes.apple.com/us/app/signal-private-messenger/id874139669

Signal from Open Whisper Systems hides complexity

Page 24: UX for Security: Power of Design

UX for Security: The Power of Design

Introduction

Why Privacy Matters

Building Better Basics

Exploring New Frontiers

Conclusion

@ameellio #oreillydesign

Page 25: UX for Security: Power of Design

M-Lab: Improving network monitoring & threat detection

http://www.measurementlab.net/visualizations

Page 26: UX for Security: Power of Design

How might we … help more people understand systems & threats?

Page 27: UX for Security: Power of Design

Conveying trustworthiness: More than lock icons

http://dangrover.com/blog/2014/12/01/chinese-mobile-app-ui-trends.html

Page 28: UX for Security: Power of Design

How might we … convey more nuanced messaging status with a limited visual vocabulary?

Page 29: UX for Security: Power of Design

Ashley Madison: Leaky sign-in

http://www.troyhunt.com/2015/07/your-affairs-were-never-discrete-ashley.html

Page 30: UX for Security: Power of Design

How might we … treat login as an experience flow, not copywriting?

Page 31: UX for Security: Power of Design

Designing for behavior change: always accept, always ignore

http://www.securityforrealpeople.com/2014/10/the-high-price-of-free-wifi-your-eldest.html

Page 32: UX for Security: Power of Design

How might we … motivate behavior change to more secure behaviors?

Page 33: UX for Security: Power of Design

Instead of scolding error messages, Slack uses humor to build trust

Page 34: UX for Security: Power of Design

How might we … create actionable alerts that increase feelings of confidence?

Page 35: UX for Security: Power of Design

UX for Security: The Power of Design

Introduction

Why Privacy Matters

Building Better Basics

Exploring New Frontiers

Conclusion

@ameellio #oreillydesign

Page 36: UX for Security: Power of Design

http://www.theregister.co.uk/2015/10/19/bods_brew_ikettle_20_hack_plot_vulnerable_london_pots/

iKettle hack proves wifi vulnerability #IoT #securityfail

Page 37: UX for Security: Power of Design

How might we … empower product designers to make good security decisions?

Page 38: UX for Security: Power of Design


Profile management off the screen: Netflix vs Nest

https://www.flickr.com/photos/nest/6264860345/

Page 39: UX for Security: Power of Design

How might we … help people understand when their profile data is being accessed?

Page 40: UX for Security: Power of Design

https://www.google.com/landing/2step/

Page 41: UX for Security: Power of Design

Opportunity: Two-factor authentication (2FA)

https://www.turnon2fa.com/

Page 42: UX for Security: Power of Design

Mind the gaps between apps & between apps & operating system

Page 43: UX for Security: Power of Design

How might we … create smooth seams between apps?

Page 44: UX for Security: Power of Design

UX for Security: The Power of Design

Introduction

Why Privacy Matters

Building Better Basics

Exploring New Frontiers

Conclusion

@ameellio #oreillydesign

Page 45: UX for Security: Power of Design

Let’s make the internet better

Page 46: UX for Security: Power of Design

Privacy matters

Page 47: UX for Security: Power of Design

Build better basics

http://www.troyhunt.com/2015/07/your-affairs-were-never-discrete-ashley.html

Page 48: UX for Security: Power of Design

Explore new frontiers

Page 49: UX for Security: Power of Design

How might we … create smooth seams between experiences?

Page 50: UX for Security: Power of Design

Get involved with Simply Secure

Follow @simplysecureorg on Twitter

Email [email protected] to request access to our Slack (UX, security, privacy)

Share your work

Become a peer reviewer or mentor: 2-3 hours a month

@ameellio

Page 51: UX for Security: Power of Design

Thank You

Ame Elliott @ameellio

[email protected]