On Passkey Usability
Matt Burgess tries to only use passkeys. The results are mixed.
Continue reading On Passkey Usability
Category Archives: usability
Why doesn’t file/folder encryption work the way I imagine it should? Can I have the UX I want? Tell me what’s wrong with this idea
I have been looking around at various encryption schemes, and I haven’t found anything exactly like what I want in terms of user experience.
If what I want isn’t a thing, I assume it’s been thought of, but other approaches won out. So can … Continue reading Why doesn’t file/folder encryption work the way I imagine it should? Can I have the UX I want? Tell me what’s wrong with this idea
Why don’t applications suggest passwords themselves?
Imagine a web app that, on the login page, has a password field which does not allow user input, but just displays a client-only generated password that is reasonably strong, with a button to re-generate the password.
In this approach, ins… Continue reading Why don’t applications suggest passwords themselves?
Apple’s Lockdown Mode
I haven’t written about Apple’s Lockdown Mode yet, mostly because I haven’t delved into the details. This is how Apple describes it:
Lockdown Mode offers an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats, such as those from NSO Group and other private companies developing state-sponsored mercenary spyware. Turning on Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura further hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware…
Hiding Vulnerabilities in Source Code
Really interesting research demonstrating how to hide vulnerabilities in source code by manipulating how Unicode text is displayed. It’s really clever, and not the sort of attack one would normally think about.
From Ross Anderson’s blog:
We have discovered ways of manipulating the encoding of source code files so that human viewers and compilers see different logic. One particularly pernicious method uses Unicode directionality override characters to display code as an anagram of its true logic. We’ve verified that this attack works against C, C++, C#, JavaScript, Java, Rust, Go, and Python, and suspect that it will work against most other modern languages…
Industrial Design Hack Chat
Join us on Wednesday, September 8 at noon Pacific for the Industrial Design Hack Chat with Eric Strebel! At Hackaday, we celebrate all kinds of hardware hacks, and we try …read more Continue reading Industrial Design Hack Chat
On Risk-Based Authentication
Interesting usability study: “More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication“:
Abstract: Risk-based Authentication (RBA) is an adaptive security measure to strengthen password-based authentication. RBA monitors additional features during login, and when observed feature values differ significantly from previously seen ones, users have to provide additional authentication factors such as a verification code. RBA has the potential to offer more usable authentication, but the usability and the security perceptions of RBA are not studied well…
Let user send an email to register to prevent outgoing mail abuse
Problem
Consider a standard sign-up form (user enters an email address, we send a confirmation link).
Even limiting that form per IP (or even globally per hour), I’m concerned about abuse:
Our real-world reputation would be harmed if someo… Continue reading Let user send an email to register to prevent outgoing mail abuse
Zoom UX teardown: 5 fails and how to fix them
Valued at over $60 billion and used by millions each day for work and staying in touch with friends and family, the COVID-19 pandemic has helped make Zoom one of the most popular and relevant enterprise applications. On one level, its surge to the top can be summed up in three words: “It just works.” […] Continue reading Zoom UX teardown: 5 fails and how to fix them
What standardized schemes exist for representing binary data in a human-readable manner?
Occasionally (in cryptography and elsewhere), the need arises to represent arbitrary binary data (such as hashes or private keys) in a way that humans can process/memorize more easily than for example hexdumps.
I am aware of three such sc… Continue reading What standardized schemes exist for representing binary data in a human-readable manner?