MIT: Independent Activities Period: IAP

IAP 2017



Unintuitive and Insecure: Fixing the Failures of the Authentication User Experience

Jared Spool

Jan/19 Thu 07:00PM-09:00PM E51-345

Enrollment: Unlimited: No advance sign-up
Prereq: programming

"Which username did I use?"
"Do they want my email address or my nickname?"
"Which password did I use?"
"What was my favorite vegetable when I created this account?"
Nothing wrecks a great user experience like a login form. Our password rules make it hard to remember what we've used, and stupid security questions lock us out of our accounts. And none of these security gymnastics actually prevent our personal information from leaking into the world. (In fact, we often inadvertently make it easier.)

If it's not usable, it's not secure. Unusable authentication systems are a bellwether of poor end-to-end experience. Once you've frustrated a user with their account creation or session authentication, it's extremely hard to win them back.

Security isn't sexy, but when we get it right, we reduce risk and increase user satisfaction. In this entertaining presentation, Jared will explain how to make authentication design a top priority in your experience architecture. He'll show you where the real risks are and why you shouldn't trust others to handle your design's security elegantly.

Jared will walk you through:

How to best protect your users without making them frustrated.
How Amazon reduces fraud and makes money with a multi-state security model.
How to keep the Paranoids at bay without degrading the user experience.


Sponsor(s): Electrical Engineering and Computer Science
Contact: Peter Mager, p.mager@computer.org