Strength in Complexity?
Pat Farrell
pfarrell at pfarrell.com
Wed Jul 2 20:08:46 EDT 2008
Peter Gutmann wrote:
> Pat Farrell <pfarrell at pfarrell.com> writes:
>> At CyberCash, where we had real RSA/DES in the system, we found that "users
>> want convenience, not security"
>
> I think that's phrasing it a bit badly, it'd be better put as "without
> usability, you won't have users" (see the Tor paper "Challenges in deploying
> low-latency anonymity" for more thoughts on this).
I don't think we are disagreeing much, but the essence of the CyberCash
law is that user's only focus is on convenience. If you give them a
choice, any and all bumps in the road to ease of use cause rejection.
I'm not trying to argue that 12+ years ago we had great usability. The
world's expectations have evolved a lot since then. But we put a lot of
engineering into usability. And it was not enough.
I believe that its not "users will accept some glitches to get security"
Rather, users only care about usability/convenience. It has to be
trivial to use first. Cite Twitter, blogs, etc.
The key message to take away is that when we pros design systems, at
least for mass markets, the users will tolerate nothing except convenience.
Pat
--
Pat Farrell
http://www.pfarrell.com/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list