Security Design: Stop Trying To Fix The User

<https://www.schneier.com/blog/archives/2016/10/security_design.html>: The problem isn't the users: it's that we've designed our computer systems' security so badly that we demand the user do all of these counterintuitive things. Why can't users choose easy-to-remember passwords? Why can't they click on links in emails with wild abandon? Why can't they plug a USB stick into a computer without facing a myriad of viruses? Why are we trying to fix the user instead of solving the underlying security problem?

> Why can't users choose easy-to-remember passwords? Why can't they click on links in emails with wild abandon? Why can't they plug a USB stick into a computer without facing a myriad of viruses? Why are we trying to fix the user instead of solving the underlying security problem?

Hard security for personal computers has been a highly regulated field since at least the early nineties (classified as a matter of national security subject to weapons export restrictions). The main reason consumer computing security is so woeful, to non-existent, is basically because that is the way the governments (mostly intelligence agencies) have made it most easy to develop.

Participants (2): gb, Lawrence D'Oliveiro