Designing for the security user experience is challenging because if security controls are too complex or burdensome, users may bypass them, which compromises security. Additionally, the constant evolution of threats means that effective security controls must be continuously updated to stay ahead of threat actors. In other words, what may have been relatively effective yesterday might not be effective tomorrow. Exactly why the security user experience is so exciting!

Thankfully, Kevin Goldman shares my enthusiasm. Kevin is a design executive whose most recent focus has been in identity and access management. Kevin is the Chair of the UX Working Group at the FIDO Alliance, a nonprofit global industry organization that has developed the standards for passkeys.

During this episode, Kevin and I talk about: 

• How to get buy-in for a human-centered approach to the security user experience.
• A key moment when Kevin and in his team faced a UX challenge with passkeys that forced them to take a step back and re-evaluate their approach.
• The surprising findings and resolution after they dug deeper to understand the problem.
• How Kevin worked with his cross-disciplinary team members to identify tradeoffs in usability and security and how they worked through them.