Given our location at Bletchley Park this year and its major role in the history of cryptology, we’ll be developing a bit of a theme around modern-day security and encryption. It’s doubly a hot topic thanks to the implosion of the News of the World in light of the telephone-hacking scandal, and Dasient discovering that 800 of 10,000 Android apps leak personal data.
To get the conversation started and perhaps inspire some problem-solving for this year’s Hack-a-thon, I’d like to share a recent post from Mark Vanderbeeken on Experientia’s Putting People First blog:
Online security for regular people like you and me is a disaster. It’s a killer app waiting to be designed.
When you have a smartphone with some apps and a computer, you easily have to manage 30 to 50 sites and apps that require passwords. And the experience of this is highly non-human-centered. It all protects the site/app owner but doesn’t help us, and – worst of all – doesn’t take into account how our memory and psychology work.
Six percent of Italians suffer economic losses because of this, and some suffer a lot (from 1000 to 5000 euro). Italians, I think, are not in any way special in this. They are like most other people.
Security experts suggest changing passwords often, and selecting complicated passwords (like “v37AEBRasdRqS”) that are not easy to guess (but also not easy to remember). Now imagine that you have to do this on multiple devices for over 50 sites and apps. It’s a nightmare and completely unsustainable.
Security experts should read a few books on cognitive psychology.
But they don’t. So in the end, we simply have to struggle with the many usernames and passwords, write them down, store them somewhere, and hope that all goes well. All doesn’t go well, of course. And risks multiply the more sites you frequent that require a password.
How can you protect yourself in a decent and easy-to-use way?
Well, the shocking thing in this multi-device world is that you can’t really. As a Mac-only user, seeing the limitations of Mac Keychain, I tried the top of the line (1Password for Mac and 1Password for iPhone/iPad), only to discover that they only work with websites on computers and mobile devices. Forget apps – let alone password access to apps within apps (let’s say entering Instapaper passwords within Feeddler, so you can save an article for later reading).
And that’s just within the Apple ecosystem. Imagine if you have to deal with multiple brand devices.
Why is this such a disaster? Why is nobody confronting this? Please comment.