By: Bonnie Anderson
In information security, users are often described as being careless, clueless, or lazy. Fortunately, this dim view of users is changing to recognize that usable security has a lot to do with users' security decisions. At the Neurosecurity Research Lab at Brigham Young University, we're finding that this user stereotype is unfair on a whole different level: specifically, the neurobiological level. The way our brains work drives much of our behavior, even security behavior, without our being conscious of it. In this talk, I'll share the results of a series of experiments that combine functional magnetic resonance imaging (or fMRI), eye tracking, and traditional usability testing, to show how the way our brains work can sometimes make us the weakest link in the security chain. I'll also discuss how these results suggest practical take-aways that you can use to make your security UI more usable.