Scout Brody is executive director of Simply Secure, a nonprofit that works to make security and privacy technologies usable by technologically unsophisticated people by focusing on usability and human factors.
In a short, smart interview with the O'Reilly Security Podcast (MP3), Brody talks about how a humanistic, human-centered mindset is essential to producing usable (and hence, effective) security. Critically, she also offers excellent advice on how to bring these human-centered practices into your product and service design.
I volunteer on Simply Secure's advisory board, and really believe in this work.
A powerful tool you can adopt when talking to users is cognitive walkthrough. In essence, you ask them to tell you what they're thinking as they're thinking it. So, if you're going to do a cognitive walkthrough for an encryption program, you might say, ‘I'd like you to encrypt this email message. Please tell me what you're doing as you're doing it and all of the thoughts that occur to you.’ You might hear someone say, ‘Oh, wow, okay, so I'm going to encrypt. I don't really know what I'm doing. I'm going to start by pushing this button because that looks good. That's green. I'm going to push that.’ You can really hear the thought process that people are going through.
If you're in a more formal user study context, it can be useful to get the user's consent to videotape—not necessarily the person, but the screen—and see what they're doing because then you can play it for your colleagues. This is one of the most convincing ways you can make a case that your tool has problems or your tool needs improvement. Thus, just by videotaping people trying to use a tool and showing the challenges they face, you can identify ways to improve the user experience.
Scout Brody on crafting usable and secure technologies