This is an ever-green link-dump post of great resources we come across for bridging the gap between usability, security, and at-risk users.
Community + Resources
- Slack: SimplySecure.slack.com - email [email protected] for an invite
- OpenSource Design Resource hub: http://opensourcedesign.net/ / https://github.com/opensourcedesign
- OTF’s Usability lab (with Simply Secure)
- Localization support
Usability
Resources
- Usability 101: Introduction to Usability Jakob Nielsen’s introduction and his classic 10 Usability Heuristics for User Interface Design are important starting points; carefully and honestly walking through both with a tool will help expose and solve many problems before engaging in more costly work.
- Open Source Design Open Source Design is a growing collection of resources for designers working with open source projects. True to its form, it’s run out of an open GitHub repository. Their @opensrcdesign Twitter account is also worth following.
- SimplySecure The SimplySecure blog is a reliable source of great research and analysis on secure usability, from a series on their learnings on user interaction and research to an important reminder that developers are also users: “In the case of cryptographic agility, ‘users’ aren’t just the consumers buying and using mass-market software. They are also the software developers, architects, and decision-makers who are trying to decide whether and how to integrate cryptography into their systems.”
Design Patterns
Articles
- In-depth analysis of the lessons we learned while protecting Gmail users This post goes through the developer / designer thought process of how to use design to enhance the security of Gmail users, and reveals a few key points, such as “Design is the first step to security – Prevent vulnerabilities through product design” and “Users are your best allies – Empower users to take action through a meaningful feedback UI”. You can watch a video going through this in more depth at https://www.youtube.com/watch?v=nkV9kOsTyJU
- Notification Overload and User Control Not specifically talking about security, but managing priorities and notifications for users is even more critical for privacy-managing applications.
Tools
Accessibility
Resources
- Designing with an accessible mindset, from the UK Home Office, and in particular their poster series of tips to focus on for different types of disability, are succinct but useful. Their poster for Deafness was removed, but the ever-helpful Bernard Tyers suggests some pointers in the comments section, including this insightful piece on designing for Deaf users.
- TeachAccess “The Teach Access initiative has launched a set of best practices for the disciplines responsible for making mobile apps and websites accessible. This tutorial will provide basic training for developers and designers, with more disciplines to come. If you are new to accessibility, you’ve come to the right place – the tutorial will help you get up and running on accessibility via hands-on exercises and useful reference guides. It has been posted on GitHub so that it can be shared widely, enhanced and modified for various uses”
- Web Accessibility and Testing This is a brief overview of web accessibility resources for testing created by Nancy Reyes of HearColors.
Articles
- How Designing For Disabled People Is Giving Google An Edge This is a great post on how Google products are becoming more usable for all users due to accessibility improvements, from improved machine learning and notifications to simply being able to read a screen in full sun because it is following good accessibility guidelines for contrast.
User Personas and Use-Cases
- User Personas for Privacy and Security Gus Andrews’ work (originally with OpenITP’s Secure User Practices project) on building user personas which represent the actual use cases and environments where digital security is critical is required reading.
- A story about Jessica. You may follow @SwiftOnSecurity for the flippant information-security jokes and relentless trolling of Linux users, but “A Story About Jessica” is a pretty damning indictment of the current state of computer security for actual people, and the actual barriers they face.
- Real World Use Case for High-Risk Users More use cases and personas from Eleanor Saitta, starting with digital security tools and looking at the use cases which surround them. If you’re thinking that we’re including a lot of use-case discussion in this list, it’s because it’s important. To quote Ella, “Having empathy with people unlike one’s self is hard — especially when trying to understand the world enough from their perspective that the design choices you make will serve them well. Nowhere is this more true or higher stakes than the design of security systems.”
- Understanding Internet Freedom SecondMuse’s “Understanding Internet Freedom” series contains really in-depth studies of specific at-risk communities and the challenges they face with digital security.
Courses: Learning, Facilitating, Exercises
- Usable Security by University of Maryland, College Park “This course focuses on how to design and build secure systems with a human-centric focus. We will look at basic principles of human-computer interaction, and apply these insights to the design of secure systems with the goal of developing security measures that respect human performance and their goals within a system.”
- Design Kit: The Course for Human-Centered Design by IDEO.org “The Course for Human-Centered Design is a seven-week curriculum that will introduce you to the concepts of human-centered design and how this approach can be used to create innovative, effective, and sustainable solutions for social change. This course has been created to reach those who are brand new to human-centered design, so no prior experience required (though we of course welcome previous students to continue honing your human-centered design skills!)”