Whilst user- and people-centered design are accepted routes for digital services, they are less commonly used in the design of technologies that control access to data and the security of information. The ubiquity of both technology and programmes such as ``digital by default'' as well as the weaving of digital systems into the everyday fabric of society, create an environment in which people and technology become enmeshed. Such an environment might be termed ``post-digital'' and its security is dependent on a people-centered approach to its design. In this paper we present a study that uses critical design techniques coupled with critical security analysis to examine how security might be approached in a post-digital context. We call for a paradigm shift towards a people-centered security practice and using a case study then make practical recommendations as to how this shift might be achieved.