Security vs. Usability: False Paradigms of Lazyness

<p>"It's a trade-off between security and usability.</p><p>Have you ever heard these words, or worse, uttered them? While we may understand security, we don't necessarily understand how people interact with technology. For example, merely adding too many words to a dialog box can cause users to not read or understand the warning or the choice before them. Try this: Without usability there can be no security. Without users comprehending security related user interfaces and dialogs, there is little chance they will make appropriate decisions. </p><p>I will discuss the impact of usability on end-users (without good questions, there can be no good answers); administrators (ease of administration can mask incompetence); and adversaries (malware usability lowers the bar for attackers). Practical advice on improving development practices will be give. </p><p>Too often either apathy or ignorance creates unusable and insecure software. If we continue to think that usability and security are opposing forces, we will continue to neglect to do the hard work creating usable systems, and our unusable systems will inevitably remain insecure. </p>

Presented by

Links