Brussels / 3 & 4 February 2024


Bad UX is Bad Security: Adventures in Qubes OS UX Design

There's little love for design and UX in many security-related FOSS projects. After all, why should anyone care about the looks of something created (mostly) for expert users? As long as it works, the user interface is not really important, isn’t it? Designers will often answer with indignation, appeal to possible wider audiences, or just give up on arguing with the hackers. However, bad UX is bad not just for the so-called "normal people". Even the experts are human, and as humans are susceptible to cognitive biases and mistakes; and while privacy and security are great, they are even better when available widely and comfortably, so that their users are not obviously recognizable as "people with something to hide".

For the last several years, I have been working on improving the UX of Qubes OS, a security-focused operating system. In this talk, I will share the insights this work brought me on how improving UX can lead to better security, discuss how user research methods can be used to improve not just the feel of the software, but also its security, and discuss insights from cognitive psychology that can help us create more secure designs.

Qubes OS website My article on security and usability


Photo of Marta Marczykowska-Górecka Marta Marczykowska-Górecka