TED has posted another fascinating talk, this time by behavioral economist Dan Ariely. The talk is essentially about how context and complexity can push decision-making away from what one would generally call a rational process.
While interesting in its own right, this analysis could have an immense effect on security. In its simplest form, OpenBSD understood this years ago with "secure by default" -- make insecure configurations more difficult than secure configurations and systems will, for the most part, be configured properly.
One can take this a step further and apply it to user interface design. Internet Explorer 8 does this with SSL errors -- the user is steered towards not viewing a site instead of blindly clicking through to a potentially hostile page.
Human error is the single largest vulnerability out there. Instead of looking at security as the enemy of usability, there could be a significant security gain by engaging our usability experts to guide users into making smarter decisions about security.