Author Archives: enicaise

Training with images & videos? Yes, but good ones!

To improve our security and efficiency, we need well-trained people. It doesn’t have to be everything, but it should be enough to make their lives easier and/or safer. One of the difficulties nowadays is catching people’s attention, even at the office. Forget about long documents—maybe even short ones. When we, as people, want to learn something, we will probably turn to YouTube in the first place. Short educational videos and micro-learning aren’t just buzzwords; they are the current trend in self-education. So, why don’t we embrace the trend?

Let’s take just one example. Which creates a better learning context: a cheat sheet with some Microsoft Windows shortcuts, or this 47-second video created by GUI ESP?

It’s clear, short, aesthetically pleasing, and likely more memorable than a list of keyboard shortcuts.

As another example, we designed a simple communication to remind our customers about a simple yet important behavior: locking your computer when you leave it unattended. We based the communication on a simple gesture: hitting the Windows and L keys when you stand up (many people don’t know how easy it is to lock a computer, so they don’t do it systematically). Our main focus here is to teach them how to do it. Because the key combination is the first thing you read and we associate it with the words “lock” and “leave,” we create a mnemonic for both the key combination and when to perform it.

So, as always, think about KISSS (Keep It Simple, Stupid and Seductive) and aim at small and precise behaviour changes.

The intention-behaviour gap in cybersecurity

More and more, we see cybersecurity professionals using surveys about attitudes and intentions as performance indicators for their interventions. While questions like “Do you think it is important to use complex passwords?” might give insight into someone’s attitude toward password complexity, they are not good indicators of our human risks. Values, attitudes, intentions and behaviours are concepts that people sometimes confuse. Here is a quick summary of the differences between them and of what we should do to reduce the gap.

The Consumer Authentication Strength Maturity Model (CASMM)

A few days ago, Daniel Miessler updated the Consumer Authentication Strength Maturity Model (CASMM) to version 6.

It is a great #visualization of consumers’ password maturity.

While we are sometimes still struggling with people using shared passwords or poor-quality passwords, it will help show the path to more secure behaviours.

Also, it might create an anchoring effect and move the perceived norm for authentication to a higher level of maturity.

You can find the latest version of the CASMM on Daniel’s website: