this post was submitted on 20 Sep 2023
7 points (100.0% liked)
cybersecurity
3221 readers
102 users here now
An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!
Community Rules
- Be kind
- Limit promotional activities
- Non-cybersecurity posts should be redirected to other communities within infosec.pub.
Enjoy!
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I’m writing QA tests to test an improved user experience with one of our security tools.
I’ve worked on security teams that live by security first and user experience a distant second or third priority. We as security still have to keep in mind that if business processes break, or if the user experience is too poor, then leadership and users will do everything they can to circumvent or get exceptions for the control.
What do you folks think about balancing user experience with security?
If your UX is bad in favor of better security, your users will tend to find ways to circumvent your security haha. So good thing to keep in mind.
If you add any specific measure I could comment on that, but generally I think that user experience must be taken into account up to a point. You won't disable 2FA so they don't have to get their phone, but you implement it with SSO so logging in once is sufficient.
Power users such as admins on the other hand should be able to understand and use higher security measures such as 2FA for every administrative login.