Slashdot Mirror

← Back to Stories (view on slashdot.org)

Are Usability & Security Opposites in Computing?

Posted by Hemos on from the opposites-attract dept.

krozinov writes "Instinct tells us that computer security and computer usability are inversely proportional to each other. In other words, the tougher and stricter the security is, the less usability there is, and vice versa. However, there have been plenty of cases where both computer security and computer usability went hand in hand with each other and actually improved together. In the last few years security has been the biggest buzzword in computer systems and as such has become part of our computer systems. Before that, computer systems were all about getting it done faster and easier, but now they must also do it securely. Can the two continue growing together? This paper argues that it can, as evident by the most recent Indian Assembly Election."

1 of 253 comments (clear)

  1. Article summary by daveschroeder · · Score: 4, Informative

    Q. Are Usability & Security Opposites in Computer Systems?

    A. Yes, for instances where security measures do decrease usability. No, for instances where they don't.

    A2. Yes, for instances when software makers don't care about security, nor about integrating it properly. No, for instances where they show they care about security and want to do it properly.

    Come on, seriously. Sometimes, various measures for security make things "harder" to use. But there are so many things which define "security". Authentication, authorization, encryption, access, and each at several different levels.

    The ultimate answer is, yes, security and usability are opposites when the responsibility for the security measures rests entirely upon the end user. Simple example: Make a user have a password, and they'll make it their dog's name (not secure). Force it to be too complex, and they'll forget it (not usable). Mandate that it be changed every week AND be too complex, and they'll write it down (not secure or usable).

    When the security measures are administered by a skilled external entity (such as a knowledgeable and sensible IT staff) or integrated seamlessly into applications and operating systems (by knowledgeable and sensible software makers), they can be "usable". In fact, "usable" is the wrong word: it should be "transparent".

    There are ways to make good security - whether it's for an entire organization or a single workstation - usable, and non-intrusive. It just takes someone with the skill, knowledge, and foresight to do it.