Log in or create a free Rosenverse account to watch this video.
Log in Create free account100s of community videos are available to free members. Conference talks are generally available to Gold members.
Summary
If you design digital products, you’re already influencing the security user experience—even if you don’t realize it. Your design choices impact how users handle security and privacy decisions. We live in an ecosystem where everything increasingly relies on the security of systems: from hospitals, to our water supply, to cars and robots. So the stakes are high: disruptions to these systems mean people can get hurt. Further, technology like AI agents—services that will know nearly everything about us and will take actions on our behalf—mean security and privacy are more important than ever. As a UX designer, you understand your product better than your users ever will. This gives you the power to protect users by developing safer systems. By the end of this talk, you’ll learn how to: Apply human-centered design principles to security: human-centered security. Identify key areas where security impacts users most. Understand the dynamics of the security ecosystem. Collaborate with your security UX allies. Ask better questions to balance security and usability. You’ll leave with a human-centered security framework that you and your team can use immediately. Start asking the right questions to improve security outcomes and keep people and systems safer.
Key Insights
-
•
Security user experience is hindered by conflicting priorities among UX, security, engineering, compliance, and product teams.
-
•
Users (Alice) generally focus on their goals, not security, so security often only surfaces as friction during critical moments.
-
•
Charlie represents the frustrating and jargon-heavy security communications that users encounter, impacting their trust and compliance.
-
•
Building a positive relationship between Alice (user) and Charlie (security systems) is essential to improve security outcomes.
-
•
Threat actors exploit gaps in the security user experience by understanding user behavior and system vulnerabilities better than designers do.
-
•
Signup and onboarding are critical moments to influence lasting security behavior since users have a captive and motivated audience.
-
•
Clear, jargon-free communication across disciplines helps unify disparate security languages into a shared understanding.
-
•
AI and sophisticated social engineering attacks will intensify the challenges in user trust and security communications.
-
•
Cross-disciplinary collaboration involving UX, security, product, and legal teams is key to designing effective human-centered security.
-
•
Security solutions should anticipate user stress, confusion, and typical user behaviors to design helpful, context-aware interactions.
Notable Quotes
"The stakes are really high, from disrupting critical infrastructure to AI acting on our behalf."
"If Alice no longer believes Charlie, she’s going to resent him and change how she responds next time."
"Charlie is like the worst coworker you’ve ever had: well intentioned but painful to interact with."
"Threat actors often understand Alice and Charlie better than we do and use that to their advantage."
"Users literally swat security warnings away because the flows are so overwhelming and confusing."
"We all speak different security languages, but at some point, they have to come together."
"We can’t improve security outcomes until we improve the relationship between Alice and Charlie."
"Threat actors try to convince Alice that they are Charlie to trick her into giving up access."
"Signup and onboarding offer a fleeting but critical opportunity to influence user security behaviors."
"The user is the weakest link is an unhelpful mindset; understanding dynamics helps design better security UX."
Or choose a question:
More Videos
"It is part of your role to say no, enforce guardrails, and stop people pleasing when democratizing research."
Jemma Ahmed Steve Carrod Chris Geison Dr. Shadi Janansefat Christopher NashDemocratization: Working with it, not against it [Advancing Research Community Workshop Series]
July 24, 2024
"You need sponsorship from senior leadership but also buy-in from all corners of the company to succeed."
Nina JurcicThe Design System Rollercoaster: From Enabler and Bottleneck to Catalyst for Change
October 3, 2023
"Almost all the non-adopters were in engineering — they were more interested in their power within the organization than efficiency for users."
Nathan Curtis Nalini P. Kotamraju Jack Moffett Dawn ResselDiscussion
June 9, 2016
"Adoption is the only thing that matters in innovation — if you’re not changing someone’s behavior, you may have invented something, but you have not innovated."
Saara Kamppari-Miller Nicole Bergstrom Shashi JainKey Metrics: Comparing Three Letter Acronym Metrics That Include the Word “Key”
November 13, 2024
"It’s really hard to make changes to these systems because it’s risk-ridden and a major undertaking."
Malini RaoLessons Learned from a 4-year Product Re-platforming Journey
June 9, 2021
"We are not collecting vanity analytics here, this data is doing real work informing design decisions."
Mackenzie Cockram Sara Branco Cunha Ian FranklinIntegrating Qualitative and Quantitative Research from Discovery to Live
December 16, 2022
"Even virtually, we are a community obligated to treat each other with kindness and respect."
Bria AlexanderOpening Remarks
June 9, 2021
"At first, teams felt like they stopped everything just to prepare for the growth board."
Jackie HoLead Effectively While Preserving Team Autonomy with Growth Boards
January 8, 2024
"Uber incentivizes drivers to be on the road waiting for passengers, which adds to congestion."
Dan HillDesigning for the infrastructures of everyday life
June 4, 2024