Archive for the ‘authentication’ Category
Authentication Types
January 24, 2013
Here is my grid for keeping track of how authentication methods compare to one another. Apologies if you’re color blind, since I’m using green for good, yellow for okay, and red for bad. The “hoby netid” method is a protocol of my own design that has yet to be implemented.
Security vs Usability
February 27, 2012
Ahh, the age-old battle between Security and Usability.
I hope in the future that we arrive at these conclusions:
- Obscurity is not security
- Security problems most popular in the news (and in Congress) are the least common in reality
- Current forms of security don’t work for people and the data proves that
- Most implementations widely used only provide the perception of security
- Nothing is uncrackable or unhackable
- Usability is usually more important than security
- Security need only be sufficient to demoralize malice, while usability must succeed in actually enticing interest in an unappealing activity (luring is more difficult than impeding)
- When we make more usable functionality quicker to implement (one line of code), then developers will welcome it
- When we prove with data that many threats are not reality and security is often overkill, then employers can feel good about tipping their investment in favor of usability
Currently we have a lot of fearful perception and “what if” corner cases polluting the landscape. Getting consensus on this topic doesn’t easily happen right now. Security is entrenched in technology and that point of view is what wins most often, especially in the States.