
Dan Rubin's SuperfluousBanter

Suffering from chronic idiocy since 1977

I Lost My Password

How usable is security? It’s a question I’ve been asking myself
lately. One of the courses I attended last semester was about cryptography and
secure design. What got me thinking is the fact that security is just 20% technology—80%
is organizational. Security is about people—about trust.

The thing is, the more you try to make a system secure the less usable it becomes—and
as a result, the system actually becomes less secure than its designers intended.
Do you use different passwords for an assortment of accounts you are subscribed
to? Do you change your passwords frequently? I certainly don’t. Security
is always a trade-off between convenience and complexity. People don’t
like complexity, and definitely not at 8:30 in the morning when they need to
log in to start working.

If you ask users to memorize too many passwords they will start sticking post-it
notes on their screen to make sure they don’t have to call tech support.
How secure is that? You just spent 6 months and a few million bucks to end up
with bright yellow post-it notes all over the place with confidential information.
That’s why security is about people, not technology.

This item was posted by dhilhorst on Wednesday, March 31st, 2004.


4 comments on “I Lost My Password”

  1. Posted by Ben Scofield on Thursday, April 1st, 2004.

    The situation gets even worse when you factor in password reminders and resets – if people don’t have access to or use encrypted email, then sending reminders that way is insecure. In that case, you’re basically forced into password resets (either by the user or – horrors – by the system). Argh!

  2. Posted by Sunny on Thursday, April 1st, 2004.

    Any system is as secure as the weakest link. And the weakest link is us – humans.

  3. Posted by Dustin on Thursday, April 1st, 2004.

    YES!

  4. Posted by Starlight on Friday, April 2nd, 2004.

    I read this having moments ago written a password on a yellow star shaped sticky note and putting it on my monitor until I can remember it. I pondered this very thought at the moment when that action occurred.