Dan Rubin's SuperfluousBanter

Design, random musings, and the Web. Since 1977


I Lost My Password

How usable is security? It’s a question I’ve been asking myself
lately. One of the courses I attended last semester was about cryptography and
secure design. What got me thinking is the fact that security is just 20% technology—80%
is organizational. Security is about people—about trust.

The thing is, the more you try to make a system secure the less usable it becomes—and
as a result, the system actually becomes less secure than its designers intended.
Do you use different passwords for an assortment of accounts you are subscribed
to? Do you change your passwords frequently? I certainly don’t. Security
is always a trade-off between convenience and complexity. People don’t
like complexity, and definitely not at 8:30 in the morning when they need to
log in to start working.

If you ask users to memorize too many passwords they will start sticking post-it
notes on their screen to make sure they don’t have to call tech support.
How secure is that? You just spent 6 months and a few million bucks to end up
with bright yellow post-it notes all over the place with confidential information.
That’s why security is about people, not technology.

This item was posted by dhilhorst on Wednesday, March 31st, 2004.



4 comments on “I Lost My Password”

  1. Posted by Ben Scofield on Thursday, April 1st, 2004.

    The situation gets even worse when you factor in password reminders and resets – if people don’t have access to or use encrypted email, then sending reminders that way is insecure. In that case, you’re basically forced into password resets (either by the user or – horrors – by the system). Argh!

  2. Posted by Sunny on Thursday, April 1st, 2004.

    Any system is as secure as the weakest link. And the weakest link is us – humans.

  3. Posted by Dustin on Thursday, April 1st, 2004.


  4. Posted by Starlight on Friday, April 2nd, 2004.

    I read this having moments ago written a password on a yellow star-shaped sticky note and put it on my monitor until I can remember it. I pondered this very thought at the moment when that action occurred.