SCN: Security
Steve
steve at advocate.net
Mon Nov 27 14:16:55 PST 2000
x-no-archive: yes
==========================
(Jakob Nielsen's Alertbox, excerpts)

Summary: The big lie of computer security is that security improves
by imposing complex passwords on users. In real life, people write
down anything they can't remember. Security is increased by
designing for the way humans actually behave.
Usability advocates and security people have opposite goals:
...Make it easy to start using a system, ideally without going through
any special access procedures.
...Make it hard to get into a system, at least for unauthorized users.
We have a fundamental conflict here. How to resolve it? By
recognizing that the real goal of security is to minimize the relative
amount of unauthorized use. A system that nobody can use will
have no unauthorized users, but it is not one anybody would want to
build.
The big lies of computer security:
...Random passwords are more secure.
...A password chosen by the system is more secure than one
chosen by the user.
...Long passwords are more secure.
...Forcing the user to change passwords frequently increases
security.
...Requiring different passwords for different systems increases
security.
All of these statements would be true if we did not have to consider
the human factor. In real life, passwords that comply with the above
list of "security-enhancing" principles lead to one outcome: Users
write down their passwords. Take a walk around any office in the
world, and you can collect as many passwords as you like from the
following mechanisms:
...Look at the yellow stickies pasted onto the terminals.
...Look for the cheat sheet in the user's top drawer.
...Search the hard disk for the file containing all the passwords in
one spot.
Simpler passwords that users can remember increase the
probability of being kept secret. Same for passwords chosen by the
user and passwords that don't have to be changed too frequently.
True, such passwords are easier to crack, but the vast majority of
security breaks come from intruders (or insiders) who expose a
human weakness; not ones that run code-breaking algorithms.
Many websites have harsh requirements for the format of
passwords. It is recommended to relax the rules as much as
possible, given the nature of the system. Obviously, a system for
trading millions of dollars must be more secure than one that allows
people to read the newspaper.
If the rules are too strict, many users will not be able to use names
and passwords that make sense to them. This increases the
likelihood of having users forget their login information the next time
they visit. Forgotten passwords are the cause of countless repeated
registrations across the Web: people often have 5-10 "accounts" on
the same website.
For sensitive systems, many users feel more comfortable when
they see an explicit logout button. For most systems, assume that
users will not log out but simply leave. That's the spirit of the Web
and that's what the security system must support.
* * * * * * * * * * * * * * From the Listowner * * * * * * * * * * * *
To unsubscribe from this list, send a message to:
majordomo at scn.org
In the body of the message, type: unsubscribe scn
==== Messages posted on this list are also available on the web at: ====
* * * * * * * http://www.scn.org/volunteers/scn-l/ * * * * * * *
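The closing advice above, that most users never press a logout button and simply leave, is something the server side has to handle rather than the user. As an added example (not part of the Alertbox excerpt or of this list post), here is a session store that expires a session on its own after a period of inactivity and after an absolute lifetime, while still honouring an explicit logout for the users who want one. The timeout values, the token format, the in-memory store and the injectable clock are assumptions for illustration.

```python
"""Server-side sessions that tolerate users who walk away without logging out.

Added example, not code from the Alertbox or the SCN list.  Assumed values:
15-minute idle timeout, 8-hour absolute lifetime, in-memory dict store.
"""
import secrets
import time

IDLE_TIMEOUT = 15 * 60        # assumed: expire after 15 minutes without a request
ABSOLUTE_LIFETIME = 8 * 3600  # assumed: never live longer than 8 hours, however active


class SessionStore:
    def __init__(self, idle_timeout=IDLE_TIMEOUT,
                 absolute_lifetime=ABSOLUTE_LIFETIME, clock=time.time):
        self._sessions = {}                 # token -> {"user", "created", "last_seen"}
        self.idle_timeout = idle_timeout
        self.absolute_lifetime = absolute_lifetime
        self.clock = clock                  # injectable so time can be advanced in tests

    def create(self, user):
        """Start a session and return an unguessable 256-bit token for the cookie."""
        token = secrets.token_urlsafe(32)
        now = self.clock()
        self._sessions[token] = {"user": user, "created": now, "last_seen": now}
        return token

    def _expired(self, s, now):
        return (now - s["created"] > self.absolute_lifetime
                or now - s["last_seen"] > self.idle_timeout)

    def lookup(self, token):
        """Return the user for a live session and slide the idle window.

        Returns None for unknown or expired tokens; expired entries are dropped
        so a stale cookie can never be revived by a later request."""
        s = self._sessions.get(token)
        if s is None:
            return None
        now = self.clock()
        if self._expired(s, now):
            del self._sessions[token]
            return None
        s["last_seen"] = now
        return s["user"]

    def logout(self, token):
        """Explicit logout for users who look for the button; True if a session was ended."""
        return self._sessions.pop(token, None) is not None

    def purge_expired(self):
        """Housekeeping for sessions whose owners just left; returns how many were removed."""
        now = self.clock()
        dead = [t for t, s in self._sessions.items() if self._expired(s, now)]
        for t in dead:
            del self._sessions[t]
        return len(dead)


class FakeClock:
    """Constructed clock so the expiry behaviour can be exercised offline."""
    def __init__(self, start=0.0):
        self.t = start

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


def walk_away_scenario():
    """User is active for a while, then leaves without logging out.

    Returns (seen_while_active, seen_after_idle, purged_count)."""
    clock = FakeClock()
    store = SessionStore(clock=clock)
    token = store.create("alice")
    clock.advance(10 * 60)
    active = store.lookup(token)          # 10 min in: still alice, window slides
    clock.advance(10 * 60)
    still_active = store.lookup(token)    # 20 min since creation, 10 since last seen
    clock.advance(16 * 60)
    after_idle = store.lookup(token)      # 16 idle minutes: gone
    return (active == still_active == "alice", after_idle, store.purge_expired())


def long_day_scenario():
    """User keeps clicking every 5 minutes; the absolute lifetime still ends the session."""
    clock = FakeClock()
    store = SessionStore(clock=clock)
    token = store.create("bob")
    alive_at = None
    for _ in range(8 * 12 + 1):           # 8 hours and 5 minutes of steady activity
        clock.advance(5 * 60)
        if store.lookup(token) is None:
            break
        alive_at = clock()
    return alive_at, store.lookup(token)


if __name__ == "__main__":
    print(walk_away_scenario())           # (True, None, 0)
    print(long_day_scenario())            # (28800.0, None)
```

The two timers serve different purposes: the idle timeout is what covers the user who simply closes the browser or leaves the terminal, and the absolute lifetime bounds how long a stolen cookie stays useful even against a user who never stops clicking. The explicit logout path is kept because, as the excerpt notes, some users on sensitive systems expect to see it.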