Frequently Asked Questions

These common questions about security and their short answers are taken from Heidi Trost’s book Human-Centered Security. You can find longer answers to each in your copy of the book, in either the printed or digital version.

Where does security impact the user experience?
Security impacts the user experience in nearly every part of the user journey. (Check out Chapter 1, “Security Impacts the User Experience,” for more details.) Security impacts the user experience most often when a user:

  • Signs up or logs in.
  • Sets up or configures a device, service, or account for the first time.
  • Is asked for personal or financial information.
  • Can view or edit the personal information of others (i.e., customer support).
  • Receives communications about security or privacy (e.g., an email, a text message, or a security warning related to their device, account, or personal information).
  • Has to make a security or privacy decision.
  • Has to decide who or what to trust. (For example, is this message/post/website/warning legitimate?)
  • Is using a connected device that could influence the physical world (e.g., a car, IoT device, or machinery).

In these scenarios, your users typically aren’t thinking about security, which means that you and your cross-disciplinary teams need to be thinking about security.

I’m a designer, so what do I bring to the table when it comes to security? Who will listen to me?
If you design products, I guarantee you are designing for the security user experience—even if you have never thought of it that way before. (Check out Chapter 1, “Security Impacts the User Experience.”) The design decisions you make influence the security (and privacy) choices that users make or the actions they take. You (and your cross-disciplinary team) understand your product more than your users ever will—including potential security threats that directly impact your users. You are in a unique position to solve for those threats and protect your users from them.

How do I get buy-in to improve the security user experience?
When talking to leadership, try reframing the conversation around trust, rather than focusing on the word “security.” Trust is where you gain or lose customers. In other words, trust is where the business makes money or loses money.

If people don’t trust you with their information, they won’t sign up. If they lose trust in you by the way you (mis)handle their information, or if they feel you’ve violated their safety or privacy, they’ll leave. If they can’t sign into their account, they’ll leave (or rather, ironically, you’ve made it so they can’t come back). Not to mention the thousands of confused and angry customer service messages you’ll receive and need to address. (See Chapter 1, “Security Impacts the User Experience” and Chapter 7, “Learn and Iterate.”)

When you’re looking to get buy-in and promote collaboration with cross-disciplinary teams, take a cue from my colleague, John Robertson, senior principal UX researcher at Secureworks. John actively seeks out different groups at his organization and joins their Slack channels or participates in discussions around the latest research papers on topics like AI and security. John doesn’t have to do this—it isn’t part of his job description. But, in these low-key forums, the exchanging of ideas is inevitable. John learns about data science and security. The data science and security teams learn about human-centered design. When they have a question, they are more likely to seek John out. And vice versa. Win-win! Do not underestimate these informal channels. Chapter 4, “Find the Right People, Ask the Right Questions,” also has more information about finding and collaborating with your cross-disciplinary team members.