Why won't they just get password managers already!? User empathy for better security

Presented at Diana Initiative 2019, Aug. 10, 2019, noon (60 minutes)

Empathy as a security tool has been trending lately, mostly regarding attackers. But what does it look like to be empathetic to our users? Toward developers? Toward those who make the bugs, cut the corners, reuse their passwords and decline 2FA? And where do you even start? I will make the case that empathetic security design and communication will: - increase take-up of security behaviors by users and developers - improve your ability, as a security professional, to communicate security concepts to developers, decision-makers, designers and users, and - help you design better tools and tips for users. The core of the talk will focus on understanding users and developers. I will give three key concepts to guide you toward empathy, and I will present some entertaining and enlightening research on the beliefs, feelings and threat models that inform user behavior, and answer the question "why won't users just get password managers already?" (It's probably not what you think!) To finish, I will give you some practical techniques for teasing out the reasons behind the reasons why your target audience, be they users, developers, or others, act the way they do, and tools for turning those reasons into incentives for better behavior and mutually agreeable outcomes.

Presenters:

• Keira Paterson - Co-Founder at eConvenor
  Keira Paterson is a Django developer and co-founder of eConvenor.org and is passionate about diversity, equity, sustainability and empathy in technology. Motivated by a desire to see automated tools improving the effectiveness of community organizers, Keira taught herself to code building eConvenor with her partner in 2012. In 2017 she made the jump into web development as a career, while continuing to develop and manage eConvenor. Prior to development, Keira gained 10 years experience in people-focused work, as a trade union organizer, a political volunteer coordinator, staff manager and policy process manager. She now works in her spare time to bring these two worlds together - teaching people stuff to computer-people, and computer stuff to people-people in hopes of a more secure, equitable tech future.

Links:

• https://dianainitiative2019.busyconf.com/schedule#activity_5c6e9916c34e46bdb70002e4

Similar Presentations:

• 30C3 (2013) / Beyond the Tech: Building Internet Freedom Tools for Real People
• DerbyCon 9.0 Finish Line (2019) / Empathy as a Service to Create a Culture of Security
• Texas Cyber Summit 2019 / BT-1050 Shining a Light on Shadow IT in the Cloud