TED has posted another fascinating talk, this time by behavioral economist Dan Ariely. The talk is essentially about how context and complexity can push decision-making away from what one would generally call a rational process.
While interesting in its own right, this analysis could have an immense effect on security. In its simplest form, OpenBSD understood this years ago with "secure by default" -- make insecure configurations more difficult than secure configurations and systems will, for the most part, be configured properly.
One can take this a step further and apply it to user interface design. Internet Explorer 8 does this with SSL errors -- the user is steered towards not viewing a site instead of blindly clicking through to a potentially hostile page.
Human error is the single largest vulnerability out there. Instead of looking at security as the enemy of usability, there could be a significant security gain by engaging our usability experts to guide users into making smarter decisions about security.