UX and security aren't that contradictory
User experience is often described as being diametrically opposed to the objectives of security. Designers want a frictionless authentication experience, security specialists want to ensure a level of security commensurate with the risk of disclosure of secured information and capabilities.
To some extent that's true but not in every aspect and the contradiction probably comes down to opposing goals even within UX between actual UX or interaction (IxD) designers, usability "engineers", and user interface designers.
As a designer I want to reconcile the desire to make authentication and security of private or confidential information not be burdensome or onerous with over-the-top two-factor authentication or excessively complex (and unnecessary) password rules.
But security is a UX issue too, and I thought of what I hope is a good analogy:
The relationship between UX and security is like seeing a psychologist. You expect confidentiality and want assurance that your attendance and notes will remain private and not disclosed to third parties. You want to know their room is physically secure and hard to break into to steal notes. That's the "security" aspect.
But there's also a UX aspect. By having those assurances of confidentially and privacy you are then more likely to be frank and open with you therapist, to disclose thoughts and be more vulnerable than you might if you had concerns about their professionalism or privacy (for example if you were meeting your psychologist in a coffee shop).
Likewise in ICT there's the actual security of hardened systems, authentication, encryption, SSL, salting and hashing passwords, session destruction, secure deletion etc. But also a UX component:
Assuring users of the security and privacy of personal information and access to capabilities like Internet Banking, electronic tax and health records etc will discourage or encourage behaviours, and shape what people are willing to do and provide.
It's not just about slapping on the old SSL Secured padlock graphic (though that is effective and still used today, though often more subtlety in browser address bars) or explicitly telling users "This site is secure" but about making software feel secure, which is much harder, more involved, and sometimes requires decisions and meeting levels of quality outside the designer's direct control.
For example system outages raise concerns about system reliability and robustness. Broken images and links raise concerns about quality control. Just like a friend who says "Don't worry I'll handle it" and then fails to follow through, you want to maintain people's trust and not give them a reason to doubt you.
On the flip side, you may also want to take a broader view and train people to be more skeptical in protecting their private information and less naively trusting, like Australia Post's recent internal ransomware exercise.
So in conclusion, while UX does want to minimise obstacles and frustration for users having to run and grab their phone to get an SMS code, or force re-authentication every session ... there are also some common goals: Security wants to ensure security, UX want products and services to be perceived as secure.