I Lost My Password
How usable is security? It’s a question I’ve been asking myself
lately. One of the courses I attended last semester was about cryptography and
secure design. What got me thinking is the fact that security is just 20% technology—80%
is organizational. Security is about people—about trust.
The thing is, the more you try to make a system secure, the less usable it becomes—and
as a result, the system actually becomes less secure than its designers intended.
Do you use different passwords for the various accounts you are subscribed
to? Do you change your passwords frequently? I certainly don’t. Security
is always a trade-off between convenience and complexity. People don’t
like complexity, and definitely not at 8:30 in the morning when they need to
log in to start working.
If you ask users to memorize too many passwords, they will start sticking Post-it
notes on their screens to make sure they don’t have to call tech support.
How secure is that? You just spent 6 months and a few million bucks to end up
with bright yellow Post-it notes carrying confidential information all over the place.
That’s why security is about people, not technology.
This item was posted on Wednesday, March 31st, 2004.