9–11 Apr 2024
Grandior Hotel
Europe/Prague timezone

Security Days Organisational Committee

Why you can't trust your e-mail client

10 Apr 2024, 16:15
5m
Euforie


Lightning Talks (5 minutes)

Speaker

Jeroen Wijenbergh

Description

In security, we are trying to protect against many different threats: ransomware, DDoS attacks, phishing/social engineering, data leaks, etc.
In this lightning talk, I will explain how poor UI and UX design can lead to exploitation of some of these threats.
UI and UX are terms commonly used for the user-friendliness of applications. UI (user interface) refers to the look of an application, whereas UX (user experience) covers, for example, how clear everything is to the user.
Examples of bad UI/UX impacting security:
- E-mail clients: not clearly indicating that encryption (e.g. gpg) is used, or how to use it
- E-mail clients: not clearly indicating which e-mail address a message was received from
- E-mail anti-phishing protection: copy-pasting safe links, leading to data leaks
- Browsers: not clearly indicating the certificate of the website
- Websites: giving a password strength indicator that is flawed
Poor UI and UX design is therefore an important vulnerability that needs to be tackled in an organization. It is so important that a research project at Radboud University (NL) has coined a new security term, "actual security". I will end the lightning talk with the definition of this term and give recommendations on how we can improve the current state.

Primary author

Jeroen Wijenbergh
