In this paper we explore why progress has been slow and examine several possible directions. First, the scale and diversity of the web make one-size-fits-all approaches hard. Second, the competition for user attention is fierce: there are no pools of unexploited user effort to be had. Third, persuasion is the only tool we have, since mandates are often impossible or undesirable. Charting a way forward in these circumstances is hard. However, we outline several steps to improve the field.
In IEEE Security and Privacy magazine