
Rock Climbing and Security UX with Heidi Trost



Just as a rock climber meticulously checks their gear and follows strict safety protocols to navigate treacherous heights, security UX professionals must also anticipate risks and design safeguards to ensure a smooth and safe journey for users in a digital landscape. In Lou’s interview with Heidi Trost, author of Human-Centered Security: How to Design Systems that are Both Safe and Usable, Heidi highlights the critical safety protocols climbers and belayers follow, which mirror the precautions needed in system design to mitigate human error and anxiety. This analogy sets the stage for a broader discussion on security user experience challenges.

Heidi stresses the necessity of cross-disciplinary collaboration, especially when dealing with sensitive data like personally identifiable information (PII) and electronic protected health information (EPHI). She points out how involving legal and security teams early can streamline projects and improve outcomes. Designers, as facilitators, must bridge the gap between complex security concepts and user comprehension. Heidi’s book helps them do this by using personas to understand how the dynamic between users, security UX, and threat actors shapes.

Lou and Heidi’s conversation explores the evolution of multi-factor authentication (MFA) and its unintended consequences. What started as a simple 6-digit code has morphed into a troublesome source of fatigue for users. Heidi underscores the importance of iterative design to adapt to these evolving challenges, likening the chaos of security interactions to a relentless ping-pong match.

As they look ahead, Louis and Heidi discuss the rapid evolution of AI in security contexts, emphasizing the balance between technological advancement and user protection. With AI assistants poised to know more about individuals than ever, designers must remain vigilant to prevent potential misuse. Their conversation is an invitation for professionals to rethink how they approach security UX and design, encouraging a proactive stance in this ever-changing landscape.

What You’ll Learn from this Episode:

  • The Importance of Safety Protocols: Just as climbers rely on safety checks, security UX requires robust protocols to protect users from potential threats.
  • Cross-Disciplinary Collaboration: The value of involving legal, privacy, and security teams early in the design process to streamline project timelines and enhance security measures.
  • User Dynamics: Insights into the complex relationships between users, security measures, and threat actors, and how these dynamics affect user trust and experience.
  • Iterative Design in Security: The necessity of adapting security measures, such as multi-factor authentication, based on user feedback and evolving threats to avoid fatigue and exploitation.
  • The Security Threats of AI: The challenges and considerations of integrating AI technologies in security systems, focusing on the need for vigilance to prevent misuse and ensure user protection.
  • The Role of Designers as Facilitators: How designers can bridge the gap between complex security concepts and user comprehension, fostering better communication and understanding in security UX.

Quick Reference Guide:
0:25 – Meet Heidi and get a rock climbing primer
5:55 – Emerging protocols in the security space
8:20 – The designer’s role in security
10:13 – Other “roles” – the user, the security user experience, the threat actor
15:09 – Designers as translators, conversation facilitators, and advocates
17:22 – Rosenverse – why you need it
19:44 – Security UX vs other types of UX
22:38 – The threat actor
26:06 – Changes and threats with AI
31:59 – Heidi’s gift for listeners