Description

Just as a rock climber meticulously checks their gear and follows strict safety protocols to navigate treacherous heights, security UX professionals must also anticipate risks and design safeguards to ensure a smooth and safe journey for users in a digital landscape. In Lou’s interview with Heidi Trost, author of Human-Centered Security: How to Design Systems that are Both Safe and Usable, Heidi highlights the critical safety protocols climbers and belayers follow, which mirror the precautions needed in system design to mitigate human error and anxiety. This analogy sets the stage for a broader discussion on security user experience challenges.

Heidi stresses the necessity of cross-disciplinary collaboration, especially when dealing with sensitive data like personally identifiable information (PII) and electronic protected health information (EPHI). She points out how involving legal and security teams early can streamline projects and improve outcomes. Designers, as facilitators, must bridge the gap between complex security concepts and user comprehension. Heidi’s book helps them do this by using personas to understand how the dynamic between users, security UX, and threat actors takes shape.

Lou and Heidi’s conversation explores the evolution of multi-factor authentication (MFA) and its unintended consequences. What started as a simple 6-digit code morphed into a troublesome source of fatigue for users. Heidi underscores the importance of iterative design to adapt to these evolving challenges, likening the chaos of security interactions to a relentless ping-pong match.

As they look ahead, Louis and Heidi discuss the rapid evolution of AI in security contexts, emphasizing the balance between technological advancement and user protection. With AI assistants poised to know more about individuals than ever, designers must remain vigilant to prevent potential misuse. Their conversation is an invitation for professionals to rethink how they approach security UX and design, encouraging a proactive stance in this ever-changing landscape. 

 


What You'll Learn from this Episode:

Quick Reference Guide:

0:25 - Meet Heidi and get a rock climbing primer

5:55 - Emerging protocols in the security space

8:20 - The designer’s role in security

10:13 - Other “roles” - the user, the security user experience, the threat actor

15:09 - Designers as translators, conversation facilitators, and advocates

17:22 - Rosenverse – why you need it

19:44 - Security UX vs other types of UX

22:38 - The threat actor

26:06 - Changes and threats with AI

31:59 - Heidi’s gift for listeners

 


Resources and Links from Today's Episode:

Human-Centered Security: How to Design Systems that are Both Safe and Usable by Heidi Trost

Start at the End by Matt Wallaert https://www.amazon.com/Start-End-Products-Create-Change/dp/0525534423 

Matt Wallaert on YouTube https://www.youtube.com/channel/UC2jGPUntrvxMl6t-H-t2isA and LinkedIn https://www.linkedin.com/in/mattwallaert/

 


Quotes:

“People are people, and people forget things.”

“UX teams and development teams now have learned the hard way that it's much easier to involve these cross-disciplinary teams from the very beginning, so they don't stop your projects.”

“When teams are brought together, they come up with better, more effective solutions that are both secure and usable.”

“Humans are humans, including security people.”

“UX designers need to understand what you’re protecting and where things could go wrong.”