5 rules to make security user-friendly

2023-03-21 05:30

The reality is that the user experience of user security is awful and not getting better.

We think user experience for security should be just as important and as easy as for anything we do.

Because security has been prioritized over UX for so long, it was very often added without properly accounting for the impact of security measures on UX. You can't fix what you can't measure, see and experience.

As a baseline for building better security UX, run UX studies with appropriate personae for the impact of each security measure and workflow enforced by security verifications or interruptions.

If you are developing a banking application, MFA with an authenticator app or smartcard token is more secure, but if you have a 70-year-old customer who is used to SMS and would be confused by these other methods, allow them to stick to what's simple - because some security is better than no security or a user that won't use your application.

The only time you should bring in additional security measures, after login and authentication, is when there is anomalous behavior, or a user is asking to execute a high-value action.

News URL

https://www.helpnetsecurity.com/2023/03/21/make-security-user-friendly/

#security