by turc1656
3430 days ago
"However, the bad news is that hand-typed passwords are increasingly seen as the way of the past; hardware tokens and biometric sensing are considered to be far more usable, and will likely be employed more and more in the future." Anytime you sacrifice security for convenience or simplicity, you lose. That's why I have no intention of ever using anything other than good ol' alphanumeric passwords that must be entered by hand. Anything that doesn't originate directly from my mind is not really protected at all. If all the government needs to do to grab all my data is take my hand and scan it, or hold my eyeball to a sensor, then it's all pointless.
No, you don't. And it's exactly this kind of black and white, all or nothing thinking that has hampered the success of the security community for decades.
Security folks, for obvious reasons, are only ever thinking about user scenarios where active security is needed. Scenes involving rubber hoses, angry cops, jealous spouses, competing corporations, etc. Those scenes matter, but they are a very small fraction of most users' lives.
Users are not stupid. When they reason about security, they think about all of the scenarios in their life. And, for every time they get picked up by the secret police and would be really glad they picked a 14-digit alphanumeric passcode, they know there are a million more times where they wanted to take a picture of that cute thing their kid is doing right now and don't want to spend the time unlocking the phone.
That is a real win in the user's mind. And those many small conveniences and joys are a huge part of the equation of their life.
Well-designed systems give users good security by integrating into their whole life, not just the idealized nefarious circumstances security folks spend all day thinking about. If you make your security too annoying, users will route around it, and now they have no security.