Security vs. Usability: False Paradigms of Lazyness

ShmooCon V - 2009

Presented by: Lockheed
Date: Saturday February 07, 2009
Time: 16:00 - 17:00
Location: Wilson
Track: Bring It On!

"It's a trade-off between security and usability."

Have you ever heard these words, or worse, uttered them? While we may understand security, we don't necessarily understand how people interact with technology. For example, merely adding too many words to a dialog box can cause users to not read or understand the warning or the choice before them. Try this: Without usability there can be no security. Without users comprehending security-related user interfaces and dialogs, there is little chance they will make appropriate decisions.

I will discuss the impact of usability on end-users (without good questions, there can be no good answers); administrators (ease of administration can mask incompetence); and adversaries (malware usability lowers the bar for attackers). Practical advice on improving development practices will be given.

Too often either apathy or ignorance creates unusable and insecure software. If we continue to think that usability and security are opposing forces, we will continue to neglect to do the hard work of creating usable systems, and our unusable systems will inevitably remain insecure.


Dead Addict

Dead Addict still uses a silly handle, having missed the memo to come out into the open. He has had the opportunity to help start and speak at Defcon, as well as speak at Black Hat, RubiCon, Notacon and private security conferences. He has worked at a major operating system manufacturer, a global financial institution, a leading hardware manufacturer, as well as numerous smaller firms. He currently spends his winters in Canada, each summer pilgrimaging to the American desert. He holds no degrees and has as much respect for 'credentials' as the next hacker.

