Security fails without usability

Venustus

Thread author
Summary: When you make security hard to use, users look for a way around it. That's why efforts to make the internet more secure must be held to a high usability standard.


There's a general trade-off between usability and security. It's an old phenomenon, going back well before the computer age. General Benjamin W. Chidlaw, while commander in chief of the joint service Continental Air Defense Command (part of what eventually became NORAD) in 1954, put it this way:


  • Simply put, it is possible to have convenience if you want to tolerate insecurity, but if you want security, you must be prepared for inconvenience.
We hadn't yet invented the word "usability" in 1954, but in this context it means pretty much the same thing as convenience.

Flash forward to 2014, and it's still the case that if it were convenient to be secure, there wouldn't be so much insecurity about.
Professional security software has always tended to be difficult to use, at least to use it properly. Perhaps the classic example is PGP (Pretty Good Privacy), a program written in 1991 to secure email. PGP uses symmetric public key cryptography and hashing to allow users to exchange messages securely and to prove the provenance of those messages



yigido

Reminds me of my "Comodo" times :rolleyes: