The Networking Nerd, July 5, 2024
User Discomfort As A Security Function

 

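The article argues that information security should adopt the idea of "discomfort design": making users uncomfortable in order to raise their security awareness. Using the two-key launch system in the movie WarGames as an example, it explains why visible control mechanisms matter. The author holds that security measures should be perceived by users rather than hidden, because only users who realize they are performing an important operation can properly understand the risks and act accordingly.

👨‍💻 **Visible control mechanisms:** Using the two-key launch system in the movie WarGames as an example, the article stresses the importance of visible control mechanisms. Only when users can see that they are carrying out a process that demands care will they take security seriously. For example, when entering a secure facility you must store your personal devices in a locker. The process is uncomfortable, but it clearly tells users that they should not use personal devices inside the facility, and it keeps information secure.

🔐 **The need for "discomfort design":** The article argues that security solutions should make users uncomfortable in order to raise their security awareness. Examples include having to use a more secure login method for sensitive systems, or having to confirm that you are willing to accept the responsibility that comes with sitting in an exit row on an airplane. These "discomfort designs" make users aware that they are performing an important operation and help them understand the associated risks.

⚠️ **The downside of hiding security measures:** The article points out that in recent years security measures have increasingly been hidden to reduce user friction. This lowers users' perception of security issues and leaves them more exposed to cyberattacks. For example, phishing emails may use lock emojis to fake secure links, and forged login screens can be almost identical to the real ones and hard to tell apart.

💪 **Security design needs balance:** The article stresses that security design must strike a balance between user friendliness and user friction. User experience should not be sacrificed in pursuit of maximum security, and security should not be neglected for the sake of convenience. The ideal is for users to realize they are doing something that needs their attention to security, without finding it overly tedious or hard to use.

🛡️ **The importance of raising security awareness:** The article concludes that raising users' security awareness is critical. Even if users complain about measures such as changing passwords regularly or using a security token, these measures can effectively prevent security incidents.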

If you grew up in the 80s watching movies like me, you’ll remember WarGames. I could spend hours lauding this movie but for the purpose of this post I want to call out the sequence at the beginning when the two airmen are trying to operate the nuclear missile launch computer. It requires the use of two keys, one in the possession of each airman. They must be inserted into two different locks located more than ten feet from each other. The reason is that launching the missile requires two people to agree to do something at the same time. The two-key scene appears in a number of movies as a way to show that so much power needs to have controls.

However, one thing I wanted to talk about in this post is the notion that those controls need to be visible to be effective. The two-key solution is pretty visible. You carry a key with you but you can also see the locks that are situated apart from each other. There is a bit of a challenge in getting the keys into the locks and turning them simultaneously. That not only shows that the process has controls but also ensures the people doing the turning understand what they’re about to do.
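The two-key control described above maps to a two-person rule in software: two different people must each approve the same action, with their own key, at nearly the same time, and the refusal reason is returned so it can be shown to them. This is an added example, not code from the original post; the operator names, keys, action name and two-second window are constructed assumptions.

```python
import hashlib
import hmac

# Constructed sample values (assumptions for this example, not from the post).
OPERATOR_KEYS = {"operator-a": b"key-held-by-a", "operator-b": b"key-held-by-b"}
TURN_WINDOW_SECONDS = 2.0  # both "key turns" must land within this window


def turn_key(operator, action, turned_at, key):
    """One operator's deliberate approval of a named action, MAC'd with their key."""
    msg = f"{operator}|{action}|{turned_at:.3f}".encode()
    tag = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return {"operator": operator, "action": action, "turned_at": turned_at, "tag": tag}


def _is_valid(turn, action):
    """A turn counts only if it names this action and verifies under that operator's key."""
    key = OPERATOR_KEYS.get(turn["operator"])
    if key is None or turn["action"] != action:
        return False
    expected = turn_key(turn["operator"], action, turn["turned_at"], key)["tag"]
    return hmac.compare_digest(expected, turn["tag"])


def authorize(action, turns):
    """Return (allowed, reason); the reason is meant to be shown to the operators."""
    latest = {}  # most recent valid turn time per operator
    for t in turns:
        if _is_valid(t, action):
            latest[t["operator"]] = max(latest.get(t["operator"], t["turned_at"]), t["turned_at"])
    if len(latest) < 2:
        return False, "two different operators must each turn their own key"
    times = sorted(latest.values())
    if min(b - a for a, b in zip(times, times[1:])) > TURN_WINDOW_SECONDS:
        return False, "keys were not turned at the same time"
    return True, "two operators approved together"


if __name__ == "__main__":
    a = turn_key("operator-a", "rotate-root-key", 100.0, OPERATOR_KEYS["operator-a"])
    b = turn_key("operator-b", "rotate-root-key", 101.2, OPERATOR_KEYS["operator-b"])
    print(authorize("rotate-root-key", [a, b]))   # both keys, together
    print(authorize("rotate-root-key", [a, a]))   # one person, twice
```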

Consider a facility that is so secure that you must leave your devices in a locker or secured container before entering. I’ve been in a couple before and it’s a weird feeling to be disconnected from the world for a while. Could the facility do something to ensure that the device didn’t work inside? Sure they could. Technology has progressed to the point where we can do just about anything. But leaving the device behind is as much about informing the user that they aren’t supposed to be sharing things as it is about controlling the device. Controlling a device is easy. Controlling a person isn’t. Sometimes you have to be visible.

Discomfort Design

Security solutions that force the user out of a place of comfort are important. Whether it’s a SCIF for sharing sensitive data or forcing someone to log in with a more secure method, the purpose of the method is attention. You need the user to know they’re doing something important and understand the risks. If the user doesn’t know they’re doing something that could cause problems or expose something crucial you will end up doing damage control at some point.

Think of something as simple as sitting in the exit row on an airplane. In my case, it’s for Southwest Airlines. There’s more leg room but there’s also a responsibility to open the door and assist in evacuation if needed. That’s why the flight attendants need to hear you acknowledge that warning with a verbal “yes” before you’re allowed to sit in those seats. You have admitted you understand the risks and responsibilities of sitting there and you’re ready to do the job if needed.

Security has tried to become unobtrusive in recent years to reduce user friction. I’m all about features like using SSL/TLS by default in websites or easing restrictions on account sharing or even using passkeys in place of passwords. But there also comes a point when encapsulating the security reduces its effectiveness. What about phishing emails that put lock emojis next to URLs to make them seem secure even when they aren’t? How about cleverly crafted login screens for services that are almost indistinguishable from the real thing unless you bother to check the URL? It could even be the tried-and-true cloned account on Facebook or Instagram asking a friend for help unlocking their account only to steal your login info and start scamming everyone on your friends list.

The solution is to make users know they’re secure. Make it uncomfortable for them so they are acutely aware of heightened security. We deal with it all the time in other areas of our lives outside of IT. Airport screenings are a great example. So are heightened security measures at federal buildings. You know you’re going somewhere that has placed an emphasis on security.

Why do we try to hide it in IT? Is it because IT causes stress due to it being advanced technology? Are we worried that users are going to drop our service if it is too cumbersome to use the security controls? Or do we think that the investment in making that security front and center isn’t worth the risk of debugging it when it goes wrong? I would argue that these are solved problems in other areas of the world and we have just accepted them over time. IT shouldn’t be any different.

Note that discomfort shouldn’t lead to a complete lack of usability. It’s very easy to engineer a system that needs you to reconfirm your credentials every 10 minutes to ensure that no one has hacked you. And you’d quit using it because you don’t want to type in a password that often. You have to strike the right balance between user friendly and user friction. You want them to notice they’re doing something that needs their attention to security but not so much that they’re unable to do their job or use the service. That’s where the attention should be placed, not in cleverly hiding a biometric scanning solution or certificate-based service for the sake of saying it’s secure.


Tom’s Take

I’ll admit that I tend to take things for granted. I had to deal with a cloned Facebook profile this past weekend and I worried that someone might try to log in and do something with my account. Then I remembered that I have two-factor authentication turned on and my devices are trusted so no one can impersonate me. But that made me wonder if the “trust this device” setting was a bit too easy to trust. I think making sure that your users know they’re protected is more critical. Even if it means they have to do something more performative from time to time. They may gripe about changing a password every 30 days or having to pull out a security token but I promise you that discomfort will go away when it saves them from a very bad security day.
