The replies about how people "should" notice the funky URL are distressing. Why should they?
If you expect people to become experts on esoteric naming conventions in order to use technology safely and securely, you're the problem, not them.
@mattblaze point #4 from someone who forgot far more about security than they will ever know https://hachyderm.io/@shortridge/111784865253206399
I’m in a reflective mood this week and it’s kind of wild to me that I’m known as a “provocateur” in #cybersecurity for takes like:
💡 don’t shame victims
💡 UX matters, a lot
💡 we should understand what we’re supposed to protect
💡 if someone clicking a thing on the thing-clicking machine leads to security failure, they are not the foolish one
💡 the best things a security program can invest in aren’t in the RSAC vendor hall
💡 maybe we should start actually proving outcomes??????????
¯\_(ツ)_/¯