Section 3.5. Conclusion

3.5. Conclusion

The evidence of fatal flaws in today's security approach is all around us, gracing the edges of monitors across the world. We need to take the initiative. We need to look outward, to the way things "really work" once people are in the mix.

If you are a security expert, you must search for, address, test, and actively solicit feedback about every eventuality.

If you are a student who will study security, seek out professors who spend time in the field observing and studying security systems under real-world conditions. The focus of university teachings to future practitioners needs to change. The yellow sticky phenomenon has become so pandemic that it has received attention in both newspapers and business journals. Both students and professors need to do field studies of real people working in real environments.

If you are among the competent, enlightened security experts who are in the field today, you need to work to change your profession. It is in trouble. Practitioners in this field are, in my experience, uniformly bright and technically competent. They just need a new focus on users.

If you are an interaction designer who must work with a security expert whose focus ends at the edges of the computer screen, don't despair. He or she is in need of help, not criticism. Take responsibility on yourself to form a comprehensive security plan. Ensure that user, field, and quality assurance testing, along with user-feedback systems, are all in place to thoroughly and comprehensively prove out the security design.

If you are an interaction designer who gets to work with a competent security professional, thank your lucky stars. I've had the pleasure of working with more than a few, and it is a sheer joy.