BSidesWLG 2017 - Serena Chen - Design for Security

There's a misconception — perpetuated by green lines of incomprehensible code in movies — that security is a niche for masterminds. But in the real world, most security breaches don't come from 0days or convoluted hacks. In fact, most errors are human. Simple scams that have worked since the internet began. This is where design fills a massive missed opportunity. Good user experience design is necessary for good security. We can craft paths of least resistance that match paths of most security. We can educate our users on what is good practice and what is security theatre. We can design secure flows that are usable, not obstructive or annoying.