SCN: Security

Steve steve at advocate.net
Mon Nov 27 14:16:55 PST 2000


==========================

(Jakob Nielsen's Alertbox, excerpts)---Summary: The big lie of 
computer security is that security improves by imposing complex 
passwords on users. In real life, people write down anything they 
can't remember. Security is increased by designing for the way 
humans actually behave. 

Usability advocates and security people have opposite goals:  

...Make it easy to start using a system, ideally without going through 
any special access procedures.

...Make it hard to get into a system, at least for unauthorized users.

We have a fundamental conflict here. How to resolve it? By 
recognizing that the real goal of security is to minimize the relative 
amount of unauthorized use. A system that nobody can use will 
have no unauthorized users, but it is not one anybody would want to 
build.

The big lies of computer security: 

...Random passwords are more secure.

...A password chosen by the system is more secure than one 
chosen by the user.

...Long passwords are more secure.

...Forcing the user to change passwords frequently increases 
security.

...Requiring different passwords for different systems increases 
security.

All of these statements would be true if we did not have to consider 
the human factor. In real life, passwords that comply with the above 
list of "security-enhancing" principles lead to one outcome: Users 
write down their passwords. Take a walk around any office in the 
world, and you can collect as many passwords as you like from the 
following mechanisms:  

...Look at the yellow stickies pasted onto the terminals.

...Look for the cheat sheet in the user's top drawer.

...Search the hard disk for the file containing all the passwords in one 
spot.

Simpler passwords that users can remember increase the 
probability of being kept secret. Same for passwords chosen by the 
user and passwords that don't have to be changed too frequently.  

True, such passwords are easier to crack, but the vast majority of 
security breaks come from intruders (or insiders) who expose a 
human weakness, not ones that run code-breaking algorithms.  

Many websites have harsh requirements for the format of 
passwords. It is recommended to relax the rules as much as 
possible, given the nature of the system. Obviously, a system for 
trading millions of dollars must be more secure than one that allows 
people to read the newspaper.  

If the rules are too strict, many users will not be able to use names 
and passwords that make sense to them. This increases the 
likelihood of having users forget their login information the next time 
they visit. Forgotten passwords are the cause of countless repeated 
registrations across the Web: people often have 5-10 "accounts" on 
the same website.  

For sensitive systems, many users feel more comfortable when 
they see an explicit logout button. For most systems, assume that 
users will not log out but simply leave. That's the spirit of the Web 
and that's what the security system must support.




==== Messages posted on this list are also available on the web at: ====
http://www.scn.org/volunteers/scn-l/