Monday, September 22, 2008

Security and usability

IT security people have a tough task. They need to provide systems that can't be accessed by outsiders but are easy for insiders to use and allow them to get their work done. The problem is, the outsiders who try to crack systems are much, much better at what they do than most computer users are at understanding security. Most people don't give security a thought unless their identities are stolen or their accounts are hacked. The recent news item about VP candidate Palin's Yahoo! account being hacked shows how easy it is to learn someone's security questions and use them to reset a password.

I attended one of the first meetings of IT security and usability engineers at the CHI conference in Ft. Lauderdale in 2003. It was two groups of people who hadn't given each other much thought before, but we all could clearly see the value of collaborating in the future. Part of this is an organizational problem, because people aren't rewarded for practicing good security behavior, and are rarely called on bad behavior because it's not monitored.