Thursday, May 8, 2008

The art of combining security and usability

I am thinking about the art of combining security and usability, which in most cases does not exist.

Security experts try to make everything so secure that nobody can or wants to use it, since it is too complex. If people do use it, they do everything they can to find workarounds, which tends to create new security holes.
On the other side of the ring are the usability experts, who totally ignore the need for security.

What most people miss is that these two types of experts need to cooperate. The usability experts can help the security experts design usable secure solutions, and vice versa. A usable secure solution is much more secure than an unusable secure system. The usable system helps users do the right thing and does not encourage them to spend their energy finding insecure workarounds.

Which side of the ring will take the initiative?

