Wednesday April 20, 2011

Security Doesn't Have to Trump Usability

Thomas Baekdal has a great piece on the usability of passwords. He has good evidence that a password made up of three common words is on par with a six-character jumble like J4fS<2. The benefit of the former is that it is much easier to remember, doesn’t need to be written down, and is therefore more secure.

He focuses specifically on passwords, but I can see this extrapolated to securing systems in other areas, too. The most common weaknesses are social. Tire the user out and you’ve lost. Revisit the rules you enforce on your users for their security. Is a lack of usability weakening your system in ways you didn’t expect?
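To make the "on par" claim concrete, here is a worked comparison added to this post (it is not Baekdal's code or figures). It assumes a 94-symbol printable ASCII alphabet for the jumble, a 10,000-word dictionary for the passphrase that the attacker is assumed to know, and two constructed guess rates: a throttled online login and an offline hash-cracking run.

```python
import math

# Constructed assumptions for this example, not figures from the post.
PRINTABLE_ASCII = 94      # symbols available for each character of the jumble
COMMON_WORDS = 10_000     # size of the word list the passphrase is drawn from
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def jumble_search_space(length: int, alphabet: int = PRINTABLE_ASCII) -> int:
    """Number of distinct strings of `length` characters over `alphabet` symbols."""
    return alphabet ** length


def passphrase_search_space(words: int, dictionary: int = COMMON_WORDS) -> int:
    """Number of ordered `words`-word sequences from a `dictionary`-word list.

    Assumes the attacker already has the word list, so only the choice and
    order of words is secret; this is the conservative way to count it.
    """
    return dictionary ** words


def entropy_bits(search_space: int) -> float:
    """A uniform choice over `search_space` candidates is log2(space) bits."""
    return math.log2(search_space)


def expected_crack_years(search_space: int, guesses_per_second: float) -> float:
    """Expected time to find the secret: on average half the space is tried."""
    return (search_space / 2) / guesses_per_second / SECONDS_PER_YEAR


def compare(guesses_per_second: float = 100.0) -> dict:
    """Six-character jumble versus three common words at one guess rate."""
    jumble = jumble_search_space(6)
    phrase = passphrase_search_space(3)
    return {
        "jumble_bits": round(entropy_bits(jumble), 1),
        "phrase_bits": round(entropy_bits(phrase), 1),
        "jumble_years": expected_crack_years(jumble, guesses_per_second),
        "phrase_years": expected_crack_years(phrase, guesses_per_second),
    }


if __name__ == "__main__":
    # 100/s: a rate-limited login form; 1e9/s: offline cracking of a fast hash.
    for rate in (100.0, 1e9):
        r = compare(rate)
        print(f"{rate:>12.0f} guesses/s  jumble: {r['jumble_bits']} bits, "
              f"{r['jumble_years']:.2g} years  |  phrase: {r['phrase_bits']} bits, "
              f"{r['phrase_years']:.2g} years")
```

Both schemes land near 40 bits, so the attacker's cost is about the same; what differs is whether the user can keep the secret in their head instead of on a sticky note.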