Our users trust us. They trust that we will protect them and lead them down the right path. Doing that right the first time is practically impossible. From experience we have learned that almost any surface we expose could have weaknesses. We need a plan for dealing with issues as they arise, and an architecture that allows us to correct and protect products that are already in use. When security is left to the discretion of the user, however, we often fail to inform their decision properly. The usability of security and the architecture for fixability are closely connected, and both need continued refinement and focus. This talk will describe architectural and organizational features that make it easier to take corrective measures. It will also show examples of how difficult it is to design the user experience of security.
Presented at Security Divas 2017