Are Usability & Security Opposites in Computing?
krozinov writes "Instinct tells us that computer security and computer usability are inversely proportional to each other. In other words, the tougher and stricter the security is, the less usability there is, and vice versa. However, there have been plenty of cases where both computer security and computer usability went hand in hand with each other and actually improved together. In the last few years security has been the biggest buzzword in computer systems and as such has become part of our computer systems. Before that, computer systems were all about getting it done faster and easier, but now they must also do it securely. Can the two continue growing together? This paper argues that it can, as evident by the most recent Indian Assembly Election."
One of the things that has killed both usability and security of modern computers is feature creep. The ability to run Visual Basic scripts as part of your file browser. Javascript interpretations of file names.
Most people forget that computers should only have one button. It should be marked "do exactly what the user wants me to do," and it should do exactly that. Unfortunately, many systems are not designed from the viewpoint of a new user, but rather the professional user who created the system. There are five or six areas where a command can be found in the Windows Explorer interface, and a given command can be in one, two, or all of them. Very occasionally, a command will only be available in the help file. sKill is far more usable than Kill -3.14159265, yet is no less secure. If end-users couldn't see what they couldn't access, they would have a much less cluttered interface and less obvious routes of attack.
The ______ Agenda
Is there a way to check for similar passwords in someone's history without 1) violating their privacy 2) compromising their password?
Just a thought.
But you are totally correct in that conundrum!
Show me where!
Well, in my case, I let them pick 1.
Security, when done right, isn't always cheap.
Usability, when done right, isn't always cheap.
Crap, now that's cheap.
I couldn't agree more. In fact, I'd go as far as to say that usability is a necessary minimum requirement for security. After all, a very large proportion of attacks succeed because of a simple human failure, not an electronic one.
For example, if banks would stop constantly requiring me to remember seventeen different ID numbers, "memorable" words and phrases, I might notice the e-mail they send out reminding me not to give out my PIN number to anyone else.
On a more techie level, languages where it's easy to code properly make careless errors like allowing buffer over-runs or SQL injection less likely.
At the heart of good usability are principles like KISS and not giving the user unnecessary chances to go wrong. These don't exclude giving the user power, but what better partner for keeping a user safe than not giving them silly chances to do dangerous things?
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
I realize this wasn't meant to be about politics, but the topics are connected. When you abstract ideas about computer security to general axioms, I think you'll find that they have meaning in personal/political security.
you're confusing usability in this case with convenience. there's a distinct, yet important difference. usability means something is easy to do and use -- for example it's easy to install an app in mac os x. you just drag a .app file to the applications folder. this is far more usable than a windows wizard installer (less complex, less steps, less reading, less chance for error, etc). however, let's say i set my account up to be a "Standard" user in mac os x. now when i perform this operation, i get an authentication dialog that asks me for an administrator username and password. this is an inconvenience. the usability has not suffered, but an added dialog to keep security intact has been added. they do not conflict directly.
increased security only has the effect of reducing convenience. i could make myself an administrator and never get a password dialog. this wouldn't have any effect on the original usability of the system. likewise, i could encrypt all my ram and swap space. this would increase security, but have no real effect on usability. security is implemented with policies, and as long as those policies are reasonable (i.e. require a methodology that isn't directly in conflict with a program trying to do its job) then the only thing it will do is require the user to enter additional passwords when designed properly. a poorly designed system (windows) doesn't implement this policy well. doing operations like copying files to admin-writable-only folders in windows is an example of a poorly implemented policy. in mac os x, i'd get an authentication dialog. in windows, i simply would get an error, with no added dialog to request a username and password.
- tristan
Those gadgets are a nice idea, but I'm not sure that they would fly (yet) with the administrators.
A fine is a tax you pay for doing wrong and a tax is a fine you pay for doing all right.
I installed Norton Internet Security a few weeks back, and by default it kills all connections to shared resources... I've got a linux computer that's basically just a samba drone, and for whatever reason, Norton keeps blocking access.. Eventually, I had to turn all share blocking off to keep it from happening intermittently. There's no user-friendly way of telling it during install or configuration, "hey idiot, I'm connected to several drives/printers for sharing, open up those ports" It doesn't even bother to ask, it just shuts em down.. And did it again after a liveupdate.
On my XP box, I'm paranoid enough about trojans and activex lunacy that I like to monitor in realtime what is asking for net access and block it accordingly, but at the price of these annoyances, I almost uninstalled it.
I think the Macintosh OS demonstrates the direct relationship of the two pretty well, even though other companies may not.
MY SECRET DIARIES
Paypal's CEO, Peter Thiel, once said "There's a trade-off between privacy, security, and convenience, you can have any two at 100 percent, but the third will be almost nonexistent." Convenience is closely related to usability.
This is obviously a simplification, however there's a lot of truth to it. For example, at some level, any form of authentication is going to degrade privacy at some level.
I resolved this problem by writing a program that generates provably secure, memorable passwords for users.
Of course, the security buffs in the audience just stood their chairs back upright, brushed off the cheetos dust from their pants and are preparing to roast me over a slow fire for public stupidity. Let me explain.
I tried using a password generator called mkpasswd that comes with expect. I thought it generated great passwords because they looked impressively secure. Then I did the math... ulch.
This was my introduction to a concept that I later read about in many places, including Applied Cryptography: the human's ability to judge secure from insecure is based on pattern-recognition. If you generate passwords or other tokens that don't match a pattern that the brain is used to, it looks "obscure", and that maps in most people's minds to "secure"... wrong.
This program generated a 9-character password (sounds good) which had to contain at least one punctuation mark and 2 digits... Problem is there are only 10 digits, and just a handful more valid punctuation marks, so searching all 9-character passwords that contain 2 digits and a punctuation mark is orders of magnitude less work than searching all possible 9-character passwords. The result was then limited further to the requirement of 2 upper-case letters and 2 lower-case letters. Well, there goes the farm! It turns out that the result is easier to crack than a random sequence of alpha-numerics with no punctuation (and only slightly more secure than an 8-character sequence of random alpha-numerics)!
So, I began doing some research on techniques for generating things that would look insecure (i.e. are memorable), but would actually be more secure than mkpasswd's approach. I found several approaches, and eventually came up with several of my own over the course of about 8 years. I now use a set of about 20 patterns which are permuted into slightly over 100 patterns including pseudo-word generation, permutation and combination of english words and so on. Each pattern maps to at least 1x10^13 possible passwords, and usually much more.
I've also added various strictness settings where the top 1% or so of crackable passwords are eliminated from the result space (this is tricky, as removing too many possible results is just as bad as having a weak pattern).
I now generate all of my passwords this way, and in reviewing what I used to have for passwords before, I have to say that my passwords are certainly more difficult to crack now (of course, part of that is that I use longer passwords now that MD5 passwords are fairly universally supported).
Work is punishment for failing to procrastinate effectively.
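The search-space arithmetic from the comment above, worked through as an added example (not the commenter's program and not mkpasswd's code). It assumes 32 printable ASCII punctuation characters and, for the fixed-composition case, a generator that emits exactly 2 digits, 2 upper-case letters and 1 punctuation mark and fills the other 4 positions with lower-case letters; the "at least" case counts every 9-character string that merely satisfies the minimums.

```python
import math
from itertools import product

# Character-class sizes. 32 is the count of printable ASCII punctuation,
# an assumption: the comment only says "a handful more" than the 10 digits.
SIZES = {"digit": 10, "upper": 26, "lower": 26, "punct": 32}

def count_fixed(composition):
    """Passwords with exactly composition[c] characters from each class."""
    n = sum(composition.values())
    arrangements = math.factorial(n)      # orderings of the class slots
    choices = 1                           # characters chosen per slot
    for cls, k in composition.items():
        arrangements //= math.factorial(k)
        choices *= SIZES[cls] ** k
    return arrangements * choices

def count_at_least(length, minimums):
    """Passwords of `length` with at least minimums[c] chars per class."""
    classes = list(SIZES)
    total = 0
    for counts in product(range(length + 1), repeat=len(classes)):
        if sum(counts) != length:
            continue
        comp = dict(zip(classes, counts))
        if all(comp[c] >= minimums.get(c, 0) for c in classes):
            total += count_fixed(comp)
    return total

def compare():
    """Search-space sizes for the policies discussed, as (count, bits)."""
    mins = {"digit": 2, "upper": 2, "lower": 2, "punct": 1}
    spaces = {
        # Assumed generator behaviour: minimum of each class, rest lowercase.
        "9 chars, fixed composition": count_fixed(
            {"digit": 2, "upper": 2, "lower": 4, "punct": 1}),
        "9 chars, 'at least' rule": count_at_least(9, mins),
        "9 random alphanumerics": 62 ** 9,
        "8 random alphanumerics": 62 ** 8,
        "9 random printable ASCII": 94 ** 9,
    }
    return {name: (n, round(math.log2(n), 1)) for name, n in spaces.items()}

if __name__ == "__main__":
    for name, (n, bits) in sorted(compare().items(), key=lambda kv: kv[1][0]):
        print(f"{name:28s} {n:.3e}  ~{bits} bits")
```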
Yes, a good example is that pop-up warning message box that outlook gives you when you receive an email with an attachment - provides no real security and at the same time serves to make the application so much more annoying to use.