by pledess
1115 days ago
Login prompts interrupt your flow, and make it more likely for you to be responsible for a security-relevant mistake. Depending on what your job is, this might include pasting sensitive information into email that has an incorrect recipient, losing focus on security requirements for a design, approving a colleague's merge request that introduces a vulnerability into your product, etc. In many situations, the organizational risk from developer distraction is higher than the risk from unattended/stolen machines.

There's a substantial amount of research data related (not always directly) to this, e.g., the "Interruptibility of Software Developers" paper from the 2015 ACM Conference on Human Factors in Computing Systems: https://dl.acm.org/doi/10.1145/2702123.2702593 https://www.zora.uzh.ch/110157/1/ZuegerFritz-Interruptibilit...

I don't know of a case where distractions from Microsoft SSO login prompts (specifically) were correlated with a higher rate of bugs, such as security bugs. I have heard of one case where a "zero trust" rollout was discontinued because re-authenticating was interfering with development (higher defect rate, but also developers not staying "in the zone" and losing productivity).