Slashdot Mirror
Are Usability & Security Opposites in Computing?
krozinov writes "Instinct tells us that computer security and computer usability are inversely proportional to each other. In other words, the tougher and stricter the security is, the less usability there is, and vice versa. However, there have been plenty of cases where both computer security and computer usability went hand in hand with each other and actually improved together. In the last few years security has been the biggest buzzword in computer systems and as such has become part of our computer systems. Before that, computer systems were all about getting it done faster and easier, but now they must also do it securely. Can the two continue growing together? This paper argues that it can, as evident by the most recent Indian Assembly Election."
Most applications manage being both unusable and insecure just fine.
- create a series of passwords, which may be as simple as adding a number to the end.
- or, write down passwords
System Admins and Managers can force unique passwords, keep a long password history, and check desks, but then the burdon falls more heavly on their help desk system.No matter what the password policy eventually users will need to have a password reset, each time is a cost on the tech support system. Proper security whould have a security officer phyically identify each user before reset but that would be costly, so they instead ask a couple of profile questions. Which open up social engineering issues. So generally, the harder your password policies are, then the easier your reset policies need to be, (unless cost really isn't an issue).
The force that blew the Big Bang continues to accelerate.
I can make a horrible to use app that is insecure, and with a bit of effort, make a system that is secure, but easy to use.
Take pgp and email. There are TONS of plugins for various emali clients to support signing and encrypting email. Yes, encryption can be broken someday, it's true, but if someone made a plugin that bumped it to 16k keys, it's easy and fairly secure. If people are further educated and enforcfed to not share their password and private key, it's quite possible.
If you make a system that requires dozens of passwords to do things, duh, people will reuse their passwords or make they simple, or worse yet, put them on their monitors.
-
ping -f 255.255.255.255 # if only
That computers are like women. Insecure, and unusable.
One of the things that has killed both usability and security of modern computers is feature creep. The ability to run Visual Basic scripts as part of your file browser. Javascript interpretations of file names.
Most people forget that computers should only have one button. It should be marked "do exactly what the user want me to do," and it should do exactly that. Unfortunately, many systems are not designed from the viewpoint of a new user, but rather the professional user who created the system. There are five or six areas where a command can be found in the windows Explorer interface, and a given command can be in one, two, or all of them. Very occasionally, a command will only be available in the help file. sKill is far more usable than Kill -3.14159265, yet is no less secure. If end-users couldn't see what they couldn't access, they would have a much less cluttered interface and less obvious routes of attack.
The ______ Agenda
If you're going to say "This question has been around since the beginning of computing, and can even be said to date back to biblical times.", perhaps the footnote could link to the bible text in question, or even an explanation? Konstantin, since you're reading -- what are you talking about? "Shibbolet"? The rock over Laban's well?
As far as the main point, I'm not sure how newsworthy it is. But it's certainly news to the admins here, who are convinced that more, longer, more complex, more frequently rotated passwords continue to add security with every new layer of complexity.
What I'm listening to now on Pandora...
"Instinct tells us that computer security and computer usability are inversely proportional to each other."
I don't think this is particularly true. In all walks of life, if something is more usuable, then it tends to be more secure, if only because if it is easier to lock something then people are more likely to lock it.
If it is easy to use the security features on a computer, people will. A lot of home routers tend to be left in an insecure state simple because securing them is too complicated and it is the type of task that can only be done if you already know how to do it.
I would be willing to bet that if you did a survey of the broadband routers installed by 'normal' home users, the ones with the highest usability of the firmware, would also tend to be the ones that have been scured the most.
The hassle of viruses, worms and other crap which appear on people's machine causes many usability problems in my book. The more maintenance you need to do on a machine the less usable it is. A windows machine needs plenty of work to keep up with updates, spyware, adwares and viruses. On the other hand the OS which doesn't execute things automatically when you visit a web site doesn't require as much maintenance.
I always use the analogy of cars. Cars have locks on their doors, then you have to use your key to turn the motor on. Now imagine cars without locks on their doors. One less hassle in the way of doing what you want right? How about no keys to turn on the car. It automatically turns on when you put your seat belt on. Wow! What an amazing car!! Guess what though? That type of car wouldn't stay in the driveway for very long. Well a Windows computer is that type of usable car that doesn't stay in your driveway for very long. Linux might ask you to put a key in the door and turn the engine on with that same key but at least it's still in the driveway when you need it.
Architecturally, it is generally accepted that the security of a building is opposed to it's accessibility. Take for example a grocery store. The ease with which customers can get in and out is directly related to how easy it is for the place to be robbed. Movie theater design is similar.
However, usability overcomes some of these problems by making entrances obvious, door opening automatic, lighting bright, etc. I believe a comnputer interface should be the same. Just because I have to remember a password, doesn't mean that entering it need be. Perhaps many passwords presents a different problem, but one of the supposed ideals behind biometric data is that it can be greatly complex and yet still readily available. But does that mean it's less secure?
There is no need to use a SlashDot sig for SEO...
Q. Are Usability & Security Opposites in Computer Systems?
A. Yes, for instances where security measures do decrease usability. No, for instances where they don't.
A2. Yes, for instances when software makers don't care about security, nor about integrating it properly. No, for instances where they show they care about security and want to do it properly.
Come on, seriously. Sometimes, various measures for security make things "harder" to use. But there are so many things which define "security". Authentication, authorization, encryption, access, and each at several different levels.
The ultimate answer is, yes, security and usability are opposites when the responsibility for the security measures rests entirely upon the end user. Simple example: Make a user have a password, and they'll make it their dog's name (not secure). Force it to be too complex, and they'll forget it (not usable). Mandate that it be changed every week AND be too complex, and they'll write it down (not secure or usable).
When the security measures are administered by a skilled external entity (such as a knowledgeable and sensible IT staff) or integrated seamlessly into applications and operating systems (by knowledgeable and sensible software makers), they can be "usable". In fact, "usable" is the wrong word: it should be "transparent".
There are ways to make good security - whether it's for an entire organization or a single workstation - usable, and non-intrusive. It just takes someone with the skill, knowledge, and foresight to do it.
Usability, security and cheapness. You can have any two
Can the two continue growing together?
I've used OpenBSD on my desktop for ages. Pick a nice WM and you're set.
Security does not preclude usability.
Trolling is a art,
Security might be a negative as far as usability is concerned initially. However, that must be weighed against downtime as a result of s security breach. Once this is taken into account, we may have a better overall picture of true usability.
You're computer isn't very usable if it gets polluted by viruses :)
Seriously though, there is an inconvenience, but that's all. I have to configure my router to let BitTorrent through, but the fact that I have to do this gives me an immense boost to my computer's security, by virtue of the fact that nothing is sent to my comp's ports unless I tell the router to let it through.
**This begins my ever-changing sig
We need a -1 RTFA moderation option!
**This concludes my ever-changing sig
Wasn't that the election where it was so easy for all those dead people voted securely?
I agree with you about the broadband firmware, but you would probably also find that the most "secure" routers are also the ones behind which it is the gretest hassle to play games, use p2p apps and various other direct-connect items, therefore its usablity to the average user is less.
If you can't see the value in jet powered ants you should turn in your nerd card. - Dunbal (464142)
Useability is what happens after security is cleared. Securitys whole point is to give useability to those that are authorized to have it. If security is interfering with useability, then you will find that even people with authorization will start looking for ways to subvert it. Thus, any security that interfers with useability is bad security.
Its kind of like welding car doors shut and calling it more secure. It is until people start entering through the windows on a daily basis.
Just look at CD copy security measures that get cracked in minutes because they interfere with useability.
Because nothing makes a system more usable than being completely pwned.
Perhaps you could word it more meaningfully as "security vs. freedom". Those two generally have to battle it out, and not just when it comes to computers. For a computer example, if you secure a machine from user tampering, the users won't be able to change everything they want. If you don't allow users to delete files, then they might not always be able to delete the files they want. However, this need not affect usability when it comes to useful tasks.
Speaking of freedom and security, someone wanna lay out the Franklin quote? (I bet it shows up in this post before the day is done).
Security & usability opposites? No, an application can be secure and just as usefull.
Security & ease of use on the otherhand. Security is an inconvinience when it comes to ease of use.
Look at automatic login (In Windows XP or Linux) for example. Convinient? Yes. Easy? Reasonable easy to setup. Secure? Unless the console is in a bunker bunker with you and no one else. Not really.
I called it the Security to Convenience scale. Where 10 is perfectly secure and 1 is perfectly easy to use. However, in this notion security features can be seen as usability bugs.
I've already discussed this humorously here. The point being that if you really want to you can see things like BSODs as security features. Difficulty in configuration can be seen as a usability feature because it prevents security.
If you squint hard enough all bugs are features and all features are bugs. This view point is utterly useless in the real world, however, strangely orthogonal it may be. It still bears thought for the system designer to consider that his perfectly secure system may render the system so close to useless as to make it practically so... and thus cost him his job either directly or indirectly.
[signature]
In the most basic case almost any security requires processing overhead. Authentication, encryption, validation, etc. No matter how you approach this, there's more work being done than if you didn't care. This makes a slower system. Longer response times impact usability directly.
This doesn't really hit on a side issue. Secure systems take a hell of a lot more work to design and implement. If a system is being developed on a schedule, chances are many minor enhancements that could have been incorporated in a product will be orphaned by lack of resources do to security requirements. This software is inevitably less functional do to the division of labor across the scope of the project.
Are Usability & Security Opposites in Computing?
I propose the following experiment. Yes, yes I know there are service packs and patches available, that's why I'm calling this an experiment.
Take a Windows XP CD and load it onto a system you're not using for anything important at the moment. Do not connect it to a network in any way, shape, or form. Load the PC up with applications. Roughly judge load times, mouse and keyboard times...mess around with it a while and see how responsive it is. Not too bad, right? Fairly useable.
Now, plug your netcard directly into your net. No firewall. I suggest plugging the box directly into a cablemodem. Wait 24 hours.
Notice any difference? This is exactly why Usability and Security are NOT opposites. Any box that's running 99% cpu with malware and viruses is damn near unusable.
Weaselmancer
rediculous.
I couldn't agree more. In fact, I'd go as far as to say that usability is a necessary minimum requirement for security. After all, a very large proportion of attacks succeed because of a simple human failure, not an electronic one.
For example, if banks would stop constantly requiring me to remember seventeen different ID numbers, "memorable" words and phrases, I might notice the e-mail they send out reminding me not to give out my PIN number to anyone else.
On a more techie level, languages where it's easy to code properly make careless errors like allowing buffer over-runs or SQL injection less likely.
At the heart of good usability are principles like KISS and not giving the user unnecessary chances to go wrong. These don't exclude giving the user power, but what better partner for keeping a user safe than not giving them silly chances to do dangerous things?
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
There is often a trade-off between security and convenience rather than usability. It is necessary to strike the right balance between the two. There is little point in adding layer upon layer of security for something which is not worth protecting. Equally, a little inconvenience can be justified for the protection of something valuable.
The phrase in development is 'cheaper, faster, better: pick two' can be modified for the topic at hand: 'secure, useable, cheaper, faster: pick two'
I realize this wasn't meant to be about politics, but the topics are connected. When you abstract ideas about computer security to general axioms, I think you'll find that they have meaning in personal/political security.
The car metaophore should be banned!
Its like you are lying on the ground on front of my car comparing something in computing to cars and I drive over you.
you're confusing usability in this case with convience. there's a distinct, yet important difference. usability means something is easy to do and use -- for example it's easy to install an app in mac os x. you just drag a .app file to the applications folder. this is far more usable than a windows wizard installer (less complex, less steps, less reading, less chance for error, etc). however, lets say i set my account up to be a "Standard" user in mac os x. now when i perform this operation, i get an authentication dialog that asks me for an administrator username and password. this is an inconvience. the usabilty has not suffered, but an added dialog to keep security intact has been added. they do not conflict directly.
increased security only has the effect of reducing convience. i could make myself an administrator and never get a password dialog. this wouldn't have any effect on the original usability of the system. likewise, i could encrypt all my ram and swap space. this would increase security, but have no real effect on usability. security is implemented with policies, and as long as those polices are reasonable (i.e. require a methodology that isn't directly in conflict with a program trying to do it's job) then the only thing it will do is require the user to enter additional passwords when designed properly. a poorly designed system (windows) doesn't implement this policy well. doing operations like copying files to admin-writable-only folders in windows is an example of a poorly implemented policy. in mac os x, i'd get an authentication dialog. in windows, i simply would get an error, with no added dialog to request a username and password.
- tristan
Jakob Nielsen a major security risk?
Like burglar alarms in a building.
The use of alarms has a definite impact on ease of use. In our building, the number of people coming and going at different times makes it impossible to secure the entire building. There are alarms but they don't get used.
So here, usability and security are in conflict, and usability wins.
However, we've created a secure zone which has our real offices (as compared to the large insecure garage space which is basically a place for parties and such), and here we have very secure windows, and a nice secure door with keypad and ID badges.
In the case of the offices, the keypad / ID badges are actually simpler than anything else. Swipe your badge, door opens, system registers you.
So security and usability can go together, but it has to be realistic and probably, appropriate. Trying to secure a large perimeter with too much traffic is an uphill struggle. Securing a well-defined perimeter with just one or two entry points is much more realistic.
Security is about making choices and one of the most important is: what not to secure.
It's the difference between the garden and the house.
Sig for sale or rent. One previous user. Inquire within.
There are brilliant designs that are both simple to use and secure (and usually simple to build into the bargain). The problem is that there are not so many
brilliant designers out there. Coming up with these designs often involves novel functional decompositions, new UI metaphors, unusually structures interfaces or something else that is hard to get to by "normal" design processes.
As a performance and security analyst, I deal with this every day. You honestly cannot have the best of both worlds.
Especially in the end-users opinion...security hampers performance. Harder/longer passwords, firewall policies that restrict surfing and streaming- they don't see it as secure, they just think the network sucks!
From the IT staff's point of view, these are not seen as performance issues, they are security enhancements
Stateful packet insopection, Intrusion detection, port-knocking- the more secure we get, the more cycles required to execute a task. Absolute security and ansolute performance cannot currently co-exist. One is going to have make concessions.
Repant. Thy end is sheer.
Wrong question.
First off, discount all "insecure" solutions to a problem. Now judge the remaining solutions.
It's really easy to write a "simple to use" insecure OS [for instance] then one where the user must actually login, use privilege separation, etc...
For instance, saying "oh GPG is too hard to use compared to MegaSuperUltraCrypt 9000 (tm)" is kinda meaningless if the latter is hopelessly insecure by comparison.
Does security require work on the part of the user? Yes. There is no way getting around that. You have to carry a token and/or memorize a password for authentiation [for instance]. Not much you can do to get around that.
One of the big things that peeves me about customers is when they say thing like "we don't want to have to do that" and the only legitimate answer you can give them is "you're going to have to and this is why."
So far I've been lucky and with a clear explanation they agree to my designs [in all 3 consulting gigs I've had...] but being patient is key I guess.
Tom
Someday, I'll have a real sig.
We mac users have the best of both worlds.
I hate sigs.
Good security fosters good usability, and good usability fosters good security. When either is considered a-holistically, it results in a detrimental relationship to the other. We all need to learn how not to think like a-holes.
You see? You see? Your stupid minds! Stupid! Stupid!
There cannot be 100% security in anything. If there is ever such a thing as 100% security, then there is 0% usability. For example, the way to secure an airport 100% is to have no airport, but that is unfeasible. By perception, usability and security are two opposite directions. However, you can have usability and security in a happy-medium. It is difficult, but it can be done if you understand and accept both usability and security risks (many tradeoffs involved).
That really depends if you are talking about industrial computers, or your grandma's computer.
In the case of your grandma, the computer should be secure enough to not be infected or hacked, and that's about it. There's no national security information on her hard drive, and no one will be particularly interested in stealing her grandson's birthday pictures. Too much security at the user level will get in her way. Security below the user level is just what she needs.
On the other end of the spectrum you've got a team of trained tech staff. They have a data vault with really important information. Their security precautions should be extreme. But that doesn't hurt usability, because these guys are trained to work in this environment, and don't mind it. To them security tools enhance usability.
I understand the point of the article, and I can see the point. I think they should be looking at making security happen "under the hood". That's what they're really getting at, I think.
Slashdot Syndrome: the sudden, extreme urge to correct someone in order to validate one's self.
I installed Norton Internet Security a few weeks back, and by default it kills all connections to shared resources... I've got a linux computer that's basically just a samba drone, and for whatever reason, Norton keeps blocking access.. Eventually, I had to turn all share blocking off to keep it from happening intermittently. There's no user-friendly way of telling it during install or configuration, "hey idiot, I'm connected to several drives/printers for sharing, open up those ports" It doesn't even bother to ask, it just shuts em down.. And did it again after a liveupdate.
On my XP box, I'm paranoid enough about trojans and activex lunacy that I like to monitor in realtime what is asking for net access and block it accordingly, but at the price of these anoyances, I almost uninstalled it.
It replaced telnet/rsh and wrapped your X session so you no longer had to deal with xhost this and xhost that.
It also let X pierce firewalls.
I think the Macintosh OS demonstrates the direct relationship of the two pretty well, even though other companies may not.
MY SECRET DIARIES
I'm glad the OP thinks his papers deserve a world-wide audience. However, I would argue that it is generally considered bad form to tout one's intellectual accomplishments so nakedly. That's two in one day for this guy.
Usability and security are opposing forces, if and only if the program has optimal usability and security. To make such a program more usable, by definition it requires removing a feature, or compromising security to make it easier. To make such a program more secure, it requires either removing a feature or adversely affecting usability by adding another hoop to jump through.
Note they aren't strictly speaking opposing forces, since "remove features" can both enhance security and usability. It's just that if your program is already optimal and you need to push it harder, something else has to give.
You don't have to be a cynic to observe few programs are optimal, and therefore most software engineers don't have to think in this way. Thus, as a practical matter in the current environment, no, they are not opposed. But they should be.
(As a PS, I'd define security as "Ensuring the computer does what the owner wants, no more, and no less, with the computer owner having all relevant information about and control over what the computer does." But that definition has yet another idealogical focus, no?)
Paypal's CEO, Peter Thiel, once said "There's a trade-off between privacy, security, and convenience, you can have any two at 100 percent, but the third will be almost nonexistent." Convenience is closely related to usability.
This is obviously a simplification, however there's a lot of truth to it. For example, at some level, any form of authentication is going to degrade privacy at some level.
http://shit.slashdot.org/article.pl?sid=04/11/15/1 420246
From my experience it is a lot easier to make a good interface on top of a good secuiry model. Then to make a good security model on top of a good interface.
If you build the interface around the security it usualy end up with a far more usable program. For example say somone doesn't have access to a field on the program Knowing this I can make the interface to hide or not even load the button and make all the other objects fit without looking like the feature is there for people w/o access. Conversly if you put the security after the interface then it is a lot more work because and often to save time you usually but little blots in your code say after they click the button saying you do not have access to this field.
A good security model first can actually help the interface in development because it can allow users to use the program easier without being destracted by features they shouldn't use or don't know how to use.
This is the reason why traditional *nixs are considered hard to use and Windows is insecure. They were build with the interface first then they added security to it. Unix spent more time adding security so the interface has declined vs. Windows who kept the interface and let the security slide.
But systems like OS X have good security and interface because when they designed the OS they made the interface to work ontop of its security model and not in spite of it.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
The two opposites are "Complexity vs. Security." Those two exist as opposites only through casual analysis and not as a hard rule. The root of the problem being bad programming. (No finger-pointing needed... the culprit might be a lazy programmer or a demanding boss who cares more about the deadline than quality tested code.)
The fact seems to be that the more complex something becomes, the easier it is to break. So in reality, we should expect to see security improvements with decreased complexity in the U.I. As for other methods of hacking software (such as non-UI doors like APIs and network related exploits) the same rules might apply where keeping the complexity to a minimum might easily lead into less opportunity for exploits and thereby improving security.
Frankly, from where I sit (a non-developer with a basic understanding of programing concepts) I think security issues arrise from really bad programming habits and it's a damned shame that it's just not taught in school... for example, getting graded on your code by avoiding exploitable coding practices and such. As it is, security-minded coding is something that is gained through experience...usually a bad experience.
The force that blew the Big Bang continues to accelerate.
If you perform your experiment with a cable or DSL modem that does NAT (like most do nowadays), exactly SQUAT will happen.
Now if you start using that system to browse porn sites with IE and open every spam you receive in OE, your system will perform like SCAT.
I've said before and I'll say it again.
"Simplicity is the key to security and usability"
Problems arise in both area's when you try cramming in features at the last minute. Scope/Feature creep are what makes systems (almost anything) indecure/unreliable and ultimatly unusable.
...yup...
Mixing generalities with bad examples are very common there. He put the entire idea of P2P as "unsafe" because some P2P applications have security holes, and the same with web serving as a lot of windows password files could be found out there. Maybe there are activities that are unsafe by default (i.e. jumping from airplanes, specially when without parachutes), but that is not something that can be generalized so easily.
Installed Windows XP this weekend. Found where I could download the SP2 patch on my linux box... but of course the windows update page only lets you in if you are on a Microsoft Operating System.
So I hook up my DSL connection to the windows box. Go to the microsoft page with firefox. Find out that not only the OS but also the browser has to be a Microsoft product. By the time I get around to loading up Internet Explorer I have the "system error, shutting down in 45 seconds" notice on my screen that lets me know some blaster-esque virus already got to my system. I was online for about 5 minutes *at most*.
So I reinstalled, downloaded the only non-windows-update available version of SP2 (the "developer" edition that allows installed over the network , I think) and installed that prior to going online.
To Microsoft's credit, it worked... for now.
I however fully expect to have to reinstall everything from scratch in a few months when the next gaping hole is discovered.
ok, I know, I used 'your' incorrectly. It should be "you're"
Work is punishment for failing to procrastinate effectively.
Unless I have items of value in my car, I leave it unlocked with a small (not especially visible) key in the ignition. It hasn't been stolen yet, but that doesn't prevent anyone from taking advantage of the situation.
Folks, this is security by obscurity at its finest. If cars came default with this behaviour (analogous to windows), I'd take more care in going through the hassle of securing my car. That is to say, if automotive hooligans could rely on a significant population of cars to be that easy to access, I'd be more worried about my car being targeted.
Once I get my gps-enabled stealth computer with gprs going, I'll be able to see where thieves take my car when they steal it!
OS X
Usability and Security may be inversely related, but the constant of proportionality is arbitrary.
U * S = W
I usually call that constant W, because it is possible to make a system that is secure AND useable... It's just that it takes a lot of Work.
Microsoft has been historically insecure because it's a highly useable system produced with the minimum necessary effort.
Architecturally, it is generally accepted that the security of a building is opposed to it's accessibility. [...] However, usability overcomes some of these problems by making entrances obvious, door opening automatic, lighting bright, etc.
Even accessibility is not always opposed to security. If you want to rob a store, you have a few requirements that are different from those of the "shopper" user: ideally, you want to enter, take what you want, and leave quickly with as little resistance and recognition as possible.
Good lighting impedes the thief/robber, and helps the shopper find what they want and feel safe. A height measurement sticker and a camera by the door discourages robbers without impeding a shopper. Automatic doors are designed to open in time for a walking person, not a running person. Cash registers are frequently cleared to put most cash in a hard-to-reach location (sometimes offsite), which has a business cost without affecting the shopper.
Software usability, accessibility, and security must be considered in the same way -- some changes will improve all aspects, some will improve one at the cost of another. More changes will be at odds, because the computer is such a flexible tool (crackers have different "requirements" than other users... but not all that different from some developers and power users), but this is still the same balancing act we've always been doing... we just know now that the risks of poor security are huge.
Something I read somewhere;
'Some people are of the mistaken impression that being secure is synonymous with being a big pain in the ass'
Its so true...
In the free world the media isn't government run; the government is media run.
Oi -- not this again.
Usabilty has little to do with security. Usability only becomes a factor when your users CANT understand what is required of them. For example if the user cant distinguish that their name goes in one box, their password in another, and their RSA token in a third you have done something wrong.
Experience has a LOT to do with security. If you make users change their password every month, and you require an equal mix of alpha and non-alpha chars, then what are they going to do? I would bet "post it" under the keyboard.
True enough, AC. NAT will offer some protection.
But you don't have to surf pr0n or respond to spam to get nailed. Only time I was ever bitten on a windows box was through a song lyrics site. Avoid those!
Also, that was the day I moved to FireFox. =)
Weaselmancer
rediculous.
That's pretty much a zero-day exploit.
While I agree with the author's premise, I do not think he had used very good examples. His examples that he uses do not do his arguments justice.
* In the Indian Assembly Election example he uses, the usability of the voting interface has little to do with the security of the machines. The voting interface can be very user friendly, but that says nothing about whether or not it is possible to hack into the machine through a network and change the results.
* In his examples of firewalls and adware detection, he confuses "usability" with "availability." But available is a a facet of security, not usability (see the definitions at the top of the article). He means to say "because the systems are more useable, they are more secure." But what he says is "Because the systems are more available, they are more secure", which is like saying 1 equals 1.
Life is like a web application. Sometime you need cookies just to get by.
Ever fumble with keys while trying to get groceries in through the front door? How about trying to get in your car during a rainstorm? Ever realize that you've forgotten or lost those keys? These are examples where increased security decreases usability.
That doesn't mean a secured system has to be a hard to use system. The goal of most security systems is to increase security with minimal impact to usability. Many modern locking systems take advantage of new technology to do this. We can mention proximity smartcards, keyless entry keyfobs, and biometric / PIN systems as methods to deal with the above examples (although none of them are as "easy" as an unlocked door).
It might be worth noting that in some extreme cases, decreasing ease-of-use is a key component of a security system. However, this mostly applies to physical security systems. And while physical security is the easiest source of anologies, it is ultimately a far different beast than information security.
With SSH I can have secure remote login without password. In addition I get nice things like port-forwarding and compressed connections.
With Telnet I had less functionality, little security and had to either use my password each time or have even less security (rhosts).
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
In some crazy mixed up world maybe just maybe you will get a computer security system that isn't complete hell to use but it isn't going to happen in this life time.
Uses see security as an inconvenience not something that helps them in anyway (and lets face it if we sent all the crackers to Mars we wouldn't need security anyway).
Computer security isn't like, say, a guard over a the blade of a circular saw. I don't think most users understand what it is there for and so they by pass it or make it as simple to get through as possible.
I used to have a better sig but it broke.
I don't think they are exactly opposites. There are situations where they conflict; e.g. having to enter a password before you can use a service.
Actually, security and usability often go hand in hand. I don't think email would be very usable if people constantly messed with your account. Another example is Windows vs. GNU or BSD: I think Windows has very low usability, due to the knowledge and action required to keep the system healthy. Part of this stems from the bad security of Windows. (puts on asbestos underwear)
Please correct me if I got my facts wrong.
The real trick to it is to finding the often delicate balance between security and usability that actually meets the demands of the people the system is working for, as well as delivering this system on time and under budget. That's what makes security such a hard job. Usability and Security are at polar opposits of the same scale, and everyone wants both. Fortunately, different environments place different demands on a system, so the balancing act is usually at least _possible_.
File under 'M' for 'Manic ranting'
unusable software is inherently insecure.
Yes, you insenitve clod.
It seems the problem really is one of deffinition. What exactly do you mean by "Security" and "Easy to use"? If security means "put a password on everything", of couse that's hard to use. On the other hand, if easy to use means "no thought", of course it will be less secure. To say that increased security menas decreased ease of use is meaningless without a scope.
Here will be an old abusing of God's patience and the king's English.
To prove that security and usability are the exact opposite, let me pose a current (secured) system.
1) Computer is not networked
2) There is no operating system installed
3) There is no HD or floopy for OS install, nor NIC for OS install
4) Actually the parts of the system are still in various stores.
See, the system is completely secure and totally unusable.
I wounder if this is going to get mod'd as funny... If not, time to go to bed... working 3rd shift sucks ass...
Most of the comments seem to use the 'its broke, therefore its not usable' definition.
A usability issue is one that inhibits a users ability to complete a given task. Either the system is to convoluted for the user to understand how to complete the task, or its just so well hidden that the user gives up. But the fact that the task is technically compellable, makes this a usability issue.
A usefulness issue in one that fails to provide the user with the ability to complete a task. Either the system does not allow for the action, or completing the action with the system has no benefit. (the user can do it faster / better without the system)
This is a fundamental difference. A usable system can be secure, and an insecure system can not be useful. (at least not for very long if its Win XP).
Ah yes, RPC exploit used by blaster, netsky, etc.
The newer XP CD's have SP1 on them (and now even SP2) which has the Internet Connection Firewall (ICF) (or Windows Firewall of Security Center) enabled by default.
For those of you stuck with older XP CD's just turn ICF on by Right-clicking My Network Places > Properties > Right-click connection > Properties > Advanced > ICF. Do this BEFORE you connect to the Internet, if you're using cable or some forms of DSL this means BEFORE you even plug it in.
Which might initially sound like it is totally unconnected, but please bear with me.
I was actually talking with a friend about his new (to him) bmw k100 motorcycle compared to older britsh or japanese bikes... with the older stuff making them go very fast wasn't really a problem, thing is, when you were going fast you always knew it... my mate's beemer is different, he cruises along as smooth as anything and looks down at the speedo and is shocked to discover he is doing 12o mph, when it feels liek 70 mph.
The point being, the new beemer, complete with ABS and all the other goodies, isn't actually safer than a 25 year old tuned bike, it FEELS safer, and that lacks of visceral danger signals makes you ride more dangerously, wheras on the older, apparently more dangerous bikes, you were safer.
I think this applies to the usability vs security debate too...
just as with the bikes, the apparently more secure one is actually the more dangerous.
a secure system isn't therefore going to be a system that appears secure, a secure system will be a system that makes the user feel a bit vulnerable.
sat at a well set up linux box behind a pukka hardware firewall logged in via a user account I will feel very secure, so I will be paying almost no attention to security.. ok the system itself should be secure, but how often do you run chkrootkit compared to a windows user running AV software, how often to you routinely pass out root passwords to fellow geeks, how often do you watch out for people shoulder surfing while entering personal data?
on a direct to the internet connected winders box you know you aren't secure, so as a result you may be far more suspicious of everything and everyone.
(sure, not all lusers are like this, I am using for example similarly clueful users on windows and linux)
I think the usability issue will follow on from this, like the bike example, the beemer is easier to ride, but when you wipe out it will be a major spill, with the old bikes when you have a moment there's a good chance of enough being left in the performance envelope to save your skin.
getting back to the computer security issue, I think this example follows, when you wipe out on linux it is usually dire, when you wipe out on windows, which does wobble long before linux, there's usually enough left in the OS to keep you going.
I'm sure this will generate some flames and troll accusations, but it isn't meant to be, I'm just trying to look at it from another angle and compare it to something different to look for parallels that might cast some light on the subject in question.
cheers
http://slashdot.org/~GuyFawkes/journal
i.e. you can have usable and secure, if you pay out the wazoo for it. unfortunately, most people don't -- they opt for usable and cheap.
draw a triangle. at one point write "usable", at the next point write "secure" and at the next point write "cheap". now pick one side to that triangle -- thats your system.
cant have your cake and eat it too, apparently.
I opt for usable and secure for corporate and government environments; secure and cheap for home and small business.
01100111 01100101 01110100 00100000 01101111 01110101 01110100 00100000 01101101 01101111 01110010 01100101 00101110
My short white paper: Some programs are both unusable and insecure, as noted elsewhere in this story discussion. And insecurity makes programs unusable, especially when it masquerades as false security. Insecure programs that appear easy to use are really unusable, in the longer run. Useability is hard because it requires avoiding abusability .
--
make install -not war
.....it's only something we are used to see. It's true, we see too often computer security and computer usability going in opposite directions, but it does not have to be so. This occurs when the security function is an afterthought of the design, patched in a hurry on a system not designed initially for it. When it's the case, adding security is essentially the task of filling the holes when they are found, and each hole filled is a restriction in functionality/usability. If the product has been designed with the usability and security requirements in mind right at the beginning, there should be no opposition between these two aspects. Well...Closed source too often hides myopic design and sloppy developments
What you have are the following:
The tolerence levels are dictated by the user. A tolerence of 1 means that any level is acceptable. A tolerence of 0 means that it'll never be good enough.
The maximum combined benefit of security, usability and functionality is a function of the effort you're willing to put in. However, doubling the effort will less than double the returns. These sorts of systems always have declining returns. The upper threshold is whatever you're willing to put up with, in terms of input. Provided you're willing enough, you can get whatever output you like.
I've not put them into the equations, but if you plot time available against effort, you'll get an S-shaped distribution. Initially, increasing the time produces a substantial increase in returns, but after a while the benefits fall off and eventually you'll produce next to no returns no matter how long you take.
The other factor is people. The number of people in a project, versus the effort put in, follows a bell/gaussian distribution. There is a "perfect" size of team for a given project, and having either too many OR too few will result in a loss of productivity.
(Too many, because more time is spent on communicating where everyone is, than is spent on actual work. Too few, because humans don't task-switch efficiently and rarely have a skill-set that is perfectly even.)
From there, you can calculate exactly how good a product you want, based on what resources you're willing to throw at it, or what resources you'd need, if you want a specific level of quality.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
...ultimately a far different beast than information security...
The inverse relationship between security and convenience applies to all areas of life, including computers. The goal is to make the security sufficient for the need with minimal increase of work, but there will always be SOME extra work for more security. There is no such thing as a free lunch in security. Someone has to do extra work and it usually is the person needing access to the computing resources. The more valuable the thing being protected, whether tangible or intangible, the more security is needed and the more work it will be for the authorized access thereof.
All theory is gray
I tried to think of all of the usefull things that I own with one and only one button: flashlight, some of the electrical circuits in my house, electric toothbrush, signal booster for headphones, Taboo buzzer. It's a pretty short list.
If your computer can figure out exactly what I want to do with only 1 button, you should do it without me having to press it.
There is actually a fairly large literature on usability and security. Have a look at the HCISec Bibliography at http://www.gaudior.net/alma/biblio.html
but of course the windows update page only lets you in if you are on a Microsoft Operating System.
Windows Update, that is windowsupdate.microsoft.com, will only work on MS operating systems using IE. However, patches and service packs are available as binary downloads through the Microsoft Support Center (or whatever they call it) from any browser, any OS. Last time I went to Windows Update, I seem to recall that there was a link to the Download Center where you could download these binaries outside of the 'Windows Update' system. Here is the Download Center.
I however fully expect to have to reinstall everything from scratch in a few months when the next gaping hole is discovered.
Then you've bought into the FUD here. I keep my Win2k box somewhat updated, but strictly firewalled with the unnecessary services turned off. I have not had to reinstall the machine since I got it almost a year ago, and my previous machine ran for years without a reinstall. The only spyware I got was because of my own stupidity when I ran something named "START.EXE" that came along with a crack.. err security patch. I easily removed the spyware with the Adaware/Spybot combo. I use IE only for connecting to sites that do not accept Firefox (my company's webmail and Windows Update). I don't even run AV.. I go to one of the free online scanners every 6 months or so.
It's actually quite simple to keep a Windows box secure, despite what you read here every day.
Otherwise, not just your your adversaries will try to circumvent your security; your trusted parties will as well.
vk.
I downloaded SP2 on my Mac. So I'm sure you can do in on Linux. Sure windowupdate.com is windows only. But you can still download the patches manually off microsoft.com.
And to take the opposite example, repeat your experiment with a Mac. Wait as long as you like. Notice how it's still as friendly and usable as the day you got it, while remaining highly secure.
Mod down posts with a "Free Mac Mini/iPod" sig, they're spam!
... you insensitive clod!
Security has to include the user, because he is part of the system and can compromise it just like say a buffer overflow could. That's why theres password policies and other such things.
If a system is hard to use correctly it quite possibly is also hard to use securely.
Examples:
Assume a browser that supports JavaScript. Since its implementation is known to be faulty (it was written by humans, so that assumption seems rational), JavaScript can be turned on and off by the user.
Scenario 1: The Button to switch JavaScript on and off is easily recognizable, warns the user that JS should only be on for websites that he trusts and websites clearly state why they need JS anyway. The user now can make an informed decision which websites he wants to enable JS for.
Scenario 2: JS is turned on and off by a hard to find menu item on the third tab of a very complex dialog. That menu item may also be misleadingly labelled. The user probably doesn't even know its there, but if he tried it out he would see that some websites he needs to use stop working correctly. Hence, he's obviously better off leaving it on.
It should be clear that you can't have security without usability.
Free as in mason.
Sure - there are certainly simularities between the two. This allows for common applications of some principles as well as limited analogies. But it is a mistake to apply all physical security precepts to information security.
For example, the environments of physical and information security are different. Physical security is limted by the laws of physics. And while advances in technology do slowly change the realm of "possible", these changes tend to be limited. Much of physical security is dealing with constants. Within information security, if you don't like the environment... change it. Sure, there are limiting factors to that change. But ultimately, if a specific protocol or system has major issues, one is certainly able to change to something more secure. In short, Infosec allows for a greater degree of change within the environment than what is afforded to physical security.
I second this. The question is not if usability or security is inversely proportional. The question is whether security is usable or not.
Would it work if sites required two passwords so that the user would have two passwords to remember for one site? That would allow users to have simpler passwords while still making it more difficult for hackers if they had to guess two words instead of one, imho. Of course, I didn't read the article so maybe that was already suggested.
--- Don't ever trust a woman until she's dead- B.B. King
This whole thread displays the ignorance that abounds in the techie community. The guy who posted this thread has no bloody idea what usability is. A discussion of usability vs security shows that:
a) generally, there is ignorance about what usability actually is.
b) usability is a lame excuse for piss-poor programming re: security.
(b) usually comes from (a) because most software programmers do not come from a good design background, let alone understand what proper design is. They sit down with a problem and hack till their toes fall off. Security and usability can be achieved in one go, but it depends on how good the programmer is.
Usability. Design. They're important. Security is just a possibly-desirable aspect. A good design framework should allow a secure, usable package. If you want to focus on security, that's fine. Just be aware that if you give up usability for security, it's ok, it just means you're not that great at what you do. I recommend a career in McDonalds for you.
Couldn't stand the weather
Security is about mitigating risks. Users can not be asked to mitigate risks that they don't understand or believe in. Users must either a) choose to mitigate the risks or b) be forced to mitigate the risks.
If a user places them self at risk they should have the option to have that risk mitigated. If mitigating the risk causes the user no pain (no extra user action) then automatically mitigating the risk is fine; otherwise, risk mitigation should be opt-in/out-able.
If a system exposes some other entity which has control of the system to risk, that entity may require that if the system is used, the risks to that entity be mitigated. Thus users will be forced to accept the security measures. While some users will try to work around the measures, the measures are required. The measures should be made as easy as possible to accept, though education, reduction of overhead to the user, etc.
This applies to all kinds of security, including law. Drug laws are a good example. "Society" feels at risk from drugs, imposes security measures against drugs, and some "users of society" work around those measures to do drugs anyway. Society tries to make the laws easier to obey through education (propaganda?), by limiting access to drugs, by making drug use riskier, etc. The people that have problems with these laws are those people which do not agree with the risk assessment by society (many) and those which do not care about society but do agree with the risk assessment (few).
Computer security is the same. People have problems with measures when the measures pain them without convincing them of the worth of the cost. You can convince the user by:
- Reducing the cost of the measure to the user (that's UI work).
- Increasing the "return on investment" of the measure perceived by the user (that's education).
So:
- DON'T force security measures on users when the measures only protect the user and when the user doesn't want them.
- DO make the purpose of measures clear.
- DO make the measures as unobtrusive as possible.
Now a lot of risks involving computers do impact more than just the user. Consider worms where local host security hurts your neighbors (as your machine attacks them). This complicates things.
As a human being, you must decide whether you want to force measures on someone that they don't want, to protect only them. I don't like other people forcing decisions on me, so I would implore developers to make such measures optional (on by default if the cost is low and benefit high). You must also decide, whether you will force measures on users that don't want them, for the good of someone other than the user. As an application developer, you must consider that any measure that you force on a user, when they don't want the measure, will be seen by that user as a pain in the ass and will help support competing applications. Also, implementation measures will be criticized for usability just as any part of your application is criticized. There's nothing special about security in terms of usability. UI components for features that users don't understand are distracting and confusing, and bad UI components for features that users do understand are just plain frustrating.
For example, on my trusted systems, I regularly use rsync over ssh, or run apps on the remote end using ssh with a passwordless private key. This is obviously easier than having to type a password for each task, and allows me to run, for example, X11 apps seemlessly from a remote server on the local display without messing with manual authentication.
ok usability is inverse proportional to security , usability is also inverse proportional to power,
usability is inverse proportional to speed.
usability is inverse proportional to users intelligence.
By god I think we've really figured something out!
usability is the root of all our technical problems.
This sounds like a HGTTG problem where the answers are all really fine but nobody has figured out what the question is.
...?
Q: What is security
A: 42 (or maybe 54)
Is computer security inversely proportional to usability?
Choose any answer you want, the fact remains that we generally need security and it may or may not be proportional (inversely) to usability but it is making the design of a "user friendly" system more complicated and sometimes even impossible.
So what's the real question?
I think that the real question(s) should be:
1) How secure does this system need to be?
2) Is it easier to build a usable system over a secure architecture or to add security to a usable system?
3) What is going to be the time to market a secure system vs. a mostly secure system vs.
These answers will depend on the type of application/OS you build. If I need an OS for an emmbedded application, I'm not going to waste time making it secure.
If you start with only usability in mind, and end up with a design that has inherent security flaws, it's easy to end up in a situation where the only way to improve security is to reduce usability. Internet Explorer is, of course, the poster boy fo rthis problem.
If you start with security in mind, and maintain both security and usability goals, you can end up with a much more secure design that, by the end of the day, is also more usable.
For example, if you build a rendering component that doesn't contain a mechanism for breaking out of its sandbox, and then let specific applications add capabilities that objects they directly provide to the rendering engine can use, you can implement almost every piece of functionality that Microsoft designed ActiveX for without having an ever-tightening ring of increasingly annoying restrictions wrapped about the user.
The only difference is that rather than having Internet Explorer at the core of the system, so that everything ends up looking like part of IE, you have a variety of applications with embedded HTML panes that provide the same functionality.
What do you lose? The ability to have remote web pages embed trusted control inside their web pages... instead you need to explicitly install plugins or, for in-house tools, run an "intranet update" that downloads and updates the apps.
This seems less convenient, until you realise the browser is more convenient in other ways because it's not trying to second-guess everything you do... and, once enough people are using it, the convenience of a more spam- and virus- free mailbox has to count for something.
Delete the files, oh shit, not those ones sent those to Mary, not that Mary.
I have a phone which I don't use, it has too many buttons, one for back, one for escape and one for cancel etc...
Each button does exactly what it says and only what it says, nice and easy for my grandma (press the red one granny) but appalling for everyone else, the problem is that the decision space has been fixed towards my grandma and I'm the one who's got the phone.
The same could be said about any piece of software i.e. the decision space is fixed,this makes it easy for some but hard for others.
Your solution would be make it easier for the people who find it hardest and level the playing field a bit, well I suppose that's fair, but all a bit pseudo-usability to me. What needs to happen is that applications need to be able to adapt to the different decision spaces that different users will require. Take for instance a computer game (I've got warcraft on my desk), now war craft uses it's first few levels as a tutorial by reducing the decision space, I can't make mistakes because there are no mistakes to be made, it then increases the decision space to stop the game becoming boring. The same approach can be taken with general software, each application could use machine learning to work out what decision spaces to present to the user, the software would then be able to adapt the to users needs making giving it perfect usability.
Once an individual user has a decision space, other users who perform similar tasks can take data from the decision space to improve there's, e.g. software used in a call centre could produce an optimal decision space for that call centre, this could be used to adapt working practises and spearhead feature markets.
This is not one button marked 'do exactly what the user wants me to do', it's a prompt saying, 'I think you want to do this next'.
All commands should be accesable from everywhere, it's just that the user should be presented with the one that they are going to use next, 'always one click away.'
thank God the internet isn't a human right.
Huge Enterprise environment where users have an average of 15-20 passwords. Admin users have an average of 20-35 passwords. Security department in the process of tightening security across the enterprise. This involves going from 90 day expiration to 60 day expiration. Forcing all applications to be Security compliant introduces more passwords that expire. For example there are 5 PeopleSoft web based systems and each one has a unique user ID & password.
Quite frankly, the users are pissed off. They have a Windows domain password, a Netware password, a Lotus Notes password, an Intranet password, multiple mainframe passwords, client server application passwords, remote access RSA Token passwords, etc., etc., etc.
The help desks are swamped with hundreds of extra calls a month for password resets. Due to complex password rules, the users have a real hard time choosing a new password. No common words (we have an extensive database that includes sports team names, human names, pet names, etc). Remembers the last 16 passwords and refuses to let you use similar passwords.
The only saving grace is a planned integration of these systems into a single Active Directory Domain with a custom admin tool. Once all the apps are customized to hook into this directory, then the passwords can be syncronized to reduce the number of passwords to a reasonable number.
Beyond this we will probably go with smartcards or some kind of USB RSA key. After all if you sync a bunch of account passwords then if the password is hacked the hacker would be able to access multiple systems. So making a very secure passcode and hooking it to an RSA Token would be advantageous.
Ya know what, I really miss the Keychain from Mac OS 10.3.6 Panther. If I had something like this in Windows, it would eliminate a lot of the hassles. Of course, security would deem it necessary to lock the keychain frequently...
Secure & Useable!
http://www.openbsd.org/
that can be a big thing
I thoroughly agree with much of the paper but it does not really address the real snags that anyone with half an interest in security has to deal with.
I'll give you a classic example: I have over 60 customer (sites). Yes, you think you have problems with admin passwords. You should see the storage methods I use for those (and no they aren't stored anywhere else than my bonce - as to what those customers do with them)!! I have rather more than my PC passord, ATM card and a few website passwords to deal with.
Yes, pretty password generators are all very well as some posters have whittered on about but in the end its just another case of "something you know".
Anyone care to come up with something that works for wholesale access methods.
I need "something you REALLY are"
...what they're doing, keeping their PCs secure can be quite easy. I've never .:knock on wood:. had a virus. I'm not really cautious either.
Regarding the FUD: you might be right.
Regarding "windows update"... you seem to imply it is reasonably to refuse to serve a page altogether because of the OS/Browser combination the user is using. Viewed by anything other than Windows & Internet Explorer, the page outputs a near-plaintext "Thank you, but this is for Windows users only." message.
SP2, the basic intended-for-a-single-computer edition, is *not* available anywhere except through windows update. As I wrote, what I had to download and install was the "developer" edition intended for network installations. That's what I downloaded using linux, and that's what my other replier must have downloaded with his Macintosh.
SP2, the patch that all home-users should want, is in fact *not* available on the internet unless you are browsing there with a windows operating system using an internet explorer browser. That's not reasonable, not understandable; just fcuked up microsoft. It is about akin to Red Hat making available a serious security update only to browsers that it can identify as being Red Hat users.
If my operating system of choice is broken, and I need to download a patch to fix it... it might be nice if I could do it from a non-vulnerable OS. Of course... that presupposes that there exists more than one operating system--undoubtable a concept that is anathema to microsoft.
In one measure the goal of security is to make things hard for people. Specifically, it should make things extremely hard for Bad People (tm) and not too hard for Good People (tm). The purpose of the security system is to distinguish who is a "Good Guy" and who is a "Bad Guy" as defined by whomever set down the system.
In the most abstract sense we could be talking about remote programs, real world human users, or virus-like programs.
[signature]
As in web applications, desktop applications should now follow the paradigm of separating logic from presentation.
When this is done there can be no issues where GUI == insecurity.
Problem solved.
Until this happens...
GUI should not ask for low level changes.
GUI should demand that low level changes meet their needs.
Being able to query data should not bypass security... and it should not be limited by security where it is not merited.
Smarter design, smarter design, smarter design...
A fool throws a stone into a well and a thousand sages can not remove it.
But - are you sure about the rightness of how you multiply in the positions? I mean, since your two non-repeating digits are unknown, that unknown-ness is already figured into the 10* 9 figure - you could swap your two 'Schroedinger digits', and it would have no effect on the size of the password space. As far as positional parameters go, they seem like they should be identical - 8C2, not 8P2. You can't have the same entropy count as random in two different ways, right?
I mean, if you make a password of 3 lower case characters and the @ character, it's just 26^3 * 4 - three characters, and the position of the @ - not 26^3 * 3! - the unknown-ness of your letters is already accounted for by the 26^3
So, let's separate this into two elements: The values of the elements:
32 * 10 * 9 * 26 * 25 * 26 * 25 * 87 * 86 = 9104097600000
and their positions:
9C1 * 8C2 * 6C2 * 4C2 * 2C2
= 9 * 28 * 15 * 6 * 1
=22680
22680 * 9104097600000 = 206480933568000000
Which is still 945 times bigger than space 2, but still you overstated the case by a factor of 15 or so.
None of which is to say that I haven't missed something obvious in all that....
What is the robbing of a bank, compared to the founding of a bank? -- Bertolt Brecht
The problem with biometrics is what happens to the digitised information after the system is broken into. Your authentication design must be resilient against failure. Biometrics fail across a network, where the source must be trusted to have actually done the authentication, and not just replayed previous information.
Imagine a scenario where duplicating yor body, down to the DNA was feasible, and it was possible for an attacker to simply jump acros bodies into a new one. What would your authentication systems be in such a scenario.
Authentication and authorization would then have to be based on who you are, what you know, and a piece of hardware that you have. And this needs to be verifiable by every sysem you need to authenticate to.
I can throw myself at the ground, and miss.
Notice any difference? This is exactly why Usability and Security are NOT opposites. Any box that's running 99% cpu with malware and viruses is damn near unusable.
You're using a different definition of usability to the one intended. The point is, the computer is very usable when you first boot it, before it gets any of those infections. If an infected computer becomes less usable, that's a problem with the malware that is infecting it. The fact that the malware is able to be installed is a problem with security. But the link isn't a direct causation: the existence of the security problem did not make the computer less usable, because the security problem existed at first boot, and the computer was fine then.
See?
In the last 5-10 years, some researchers from the Human-Computer Interaction (HCI) and security community have gotten interested in the intersection of these two things. We're calling it "HCISEC". If you'd like more info about it, search for it on ggogle.
Just because you can't seem to find out what is good behaviour and what is not does not make usability and security to be opposites. If you be dumb enough to profile in the way like block every port for these people, put in wierd access control then obviously security is a hinderance to any CHANGE in the usability of a user. If you can't make an architecture that can monitor the security and place holds dynamically along with the user, its not a tussle between security and usability. IF THE software/security mechanisms can't determine ADAPTIVELY when the user/program is malicious/outside the desired behaviour then its the SOFTWARE's big problem...