In my last post, I looked at how bad design disrupted good security. It turns out, there’s plenty of academic research that backs up that premise as well.
In a widely cited 1999 paper, researchers studied how the user interface of PGP (Pretty Good Privacy, the most widely used email encryption tool) impacted its adoption among users. Given the paper’s title, Why Johnny can’t encrypt, you can probably already guess the outcome: The researchers found that while PGP was technically strong, it was effectively for most users because it was simply too complex, despite what at that point they considered “an attractive graphical user interface.”
More distressing, a follow-up study was submitted in October 2015 on Mailvelope, one of the implementations of PGP focused on user accessibility. Titled, Why Johnny Still, Still Can’t Encrypt, it found that over the past 11 years, shockingly little had improved, with even experienced computer users struggling to properly use this usability-focused software.
As a result, email remains an inherently insecure platform, despite millions regularly using it to send much of their most personal information — and despite well understood ways to improve that security.
But if bad design has left us vulnerable to the likes of password pandemonium and unencrypted email, good design has helped make great strides, particularly as security professionals have found that sometimes great design means the user has not even seen your work.
Take laptop encryption. While there have been options to encrypt your laptop for many years, relatively few users took advantage of it. While the advantages of having an encrypted laptop were clear (physical access did not mean all your data was available for the taking), they were somewhat abstract until you had a breach, compared to the downside of potentially losing all your data if you forgot your password or, for many users, just the time and complexity of using a third-party service to encrypt your drive.
But starting with Windows 8.1, Microsoft started encrypting hard drives by default. This meant that, for many users, they got the advantage of an encrypted drive without the complexity, or without even realizing that they had an encrypted drive — an advantage that they would surely appreciate if a laptop with sensitive data was stolen.
But Windows also implemented a recovery key system whereby if a user lost their backup key, the systems administrator or Microsoft itself could, in most instances, help recover the key. There is a small tradeoff here — having a third party escrow a key necessarily means that more people could access your data — but for most users, it provided dramatically improved security at a negligible cost.
In this case, the great security design wasn’t thanks to a flashy User Interface or a helpful virtual security assistant, but simply by anticipating the user’s needs and pain points, and addressing them without being asked.
Underwritten by HP and Microsoft.
