Saturday, August 10 • 12:00pm - 1:00pm
Why won’t they just get password managers already? User empathy for better security

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
Empathy as a security tool has been trending lately, mostly regarding attackers. But what does it look like to be empathetic to our users? Toward developers? Toward those who make the bugs, cut the corners, reuse their passwords and decline 2FA? And where do you even start?

I will make the case that empathetic security design and communication will:

increase take-up of security behaviors by users and developers
improve your ability, as a security professional, to communicate security concepts to developers, decision-makers, designers and users, and
help you design better tools and tips for users.
The core of the talk will focus on understanding users and developers. I will give three key concepts to guide you toward empathy, and I will present some entertaining and enlightening research on the beliefs, feelings and threat models that inform user behavior, and answer the question “why won’t users just get password managers already?” (It’s probably not what you think!)

To finish, I will give you some practical techniques for teasing out the reasons behind the reasons why your target audience, be they users, developers, or others, act the way they do, and tools for turning those reasons into incentives for better behavior and mutually agreeable outcomes.


Saturday August 10, 2019 12:00pm - 1:00pm
Acacia A&B