I Lost My Password
How usable is security? It’s a question I’ve been asking myself
lately. One of the courses I attended last semester was about cryptography and
secure design. What got me thinking is the fact that security is just 20% technology—80%
is organizational. Security is about people—about trust.
The thing is, the more you try to make a system secure, the less usable it becomes—and
as a result, the system actually becomes less secure than its designers intended.
Do you use different passwords for an assortment of accounts you are subscribed
to? Do you change your passwords frequently? I certainly don’t. Security
is always a trade-off between convenience and complexity. People don’t
like complexity, and definitely not at 8:30 in the morning when they need to
log in to start working.
If you ask users to memorize too many passwords, they will start sticking post-it
notes on their screen to make sure they don’t have to call tech support.
How secure is that? You just spent 6 months and a few million bucks to end up
with bright yellow post-it notes all over the place with confidential information.
That’s why security is about people, not technology.
This item was posted on Wednesday, March 31st, 2004.