Monday, January 30, 2017

Dev-Sec Guideline: Build for ergonomics and usability

Guideline: Build for ergonomics and usability

Part of: Development Security Guidelines
Overview
Building a set of Guidelines for Security and Privacy

Every system, component and security measure should be developed to reduce human error as much as possible, with automated controls and checks and with intuitive, awareness-rich interfaces that prevent errors.

Not only business applications, but security controls in applications and in general need to be intuitive to use. When security controls and checks are complicated, people will get annoyed at best, or ignore them at worst.
[Dilbert comic on usability, 2007-11-16]
When you want your users to use complex passwords and to avoid commonly used ones, make sure such passwords cannot be chosen at all: enforce it technically instead of leaving it to the user. Another good example is the reCAPTCHA made by Google. Instead of making people type hard-to-read words or numbers, or even solve puzzles, just to prove they are human, Google dramatically improved usability by reducing it to a single click.
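The password point above, as an added example that is not part of the original post: a check that technically blocks commonly used passwords (including disguised variants such as "P@ssw0rd1!") and returns plain-language, actionable feedback instead of a cryptic rejection. The denylist here is a constructed sample; a real deployment would load a large list of known common or breached passwords from a file.

```python
import re
import unicodedata

# Constructed sample denylist for illustration only; in production load a
# large common/breached-password list instead of hard-coding a handful.
COMMON_PASSWORDS = {
    "password", "123456", "qwerty", "letmein", "welcome", "admin", "iloveyou",
}

MIN_LENGTH = 12

# Substitutions users often apply to "disguise" a common password (p@ssw0rd).
_LEET = str.maketrans({"@": "a", "0": "o", "1": "i", "!": "i", "3": "e",
                       "$": "s", "5": "s", "4": "a"})


def normalize(password: str) -> str:
    """Lower-case, drop trailing digits/punctuation, undo leetspeak.

    "P@ssw0rd1!" -> "password", so the denylist lookup catches it.
    """
    p = unicodedata.normalize("NFKC", password).lower()
    p = re.sub(r"[\d\W_]+$", "", p)      # strip the usual "...2024!" suffix
    return p.translate(_LEET)


def check_password(password: str, user_identifiers=()) -> list:
    """Return a list of problems a user can act on; empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"Use at least {MIN_LENGTH} characters "
                        f"(this one has {len(password)}).")
    if password.lower() in COMMON_PASSWORDS or normalize(password) in COMMON_PASSWORDS:
        problems.append("This is one of the most commonly used passwords; "
                        "pick something less predictable.")
    for ident in user_identifiers:           # e.g. username, e-mail address
        if ident and ident.lower() in password.lower():
            problems.append(f"Don't include your username or e-mail ('{ident}').")
    if password and len(set(password)) <= 2:
        problems.append("Avoid repeating the same one or two characters.")
    return problems


if __name__ == "__main__":
    for pw in ("P@ssw0rd1!", "Welcome2024!!", "correct horse battery staple"):
        print(repr(pw), "->", check_password(pw, ("alice",)) or "accepted")
```

Because the feedback names the concrete fix (length, predictability, reuse of the username), the user can succeed on the next attempt instead of guessing at an opaque policy.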

Security can already be annoying by itself, just don't make it harder!

More information from OWASP about Building Usable Security.

