[Cryptography] fighting designs in habituation since 1883

Guido Witmond guido at witmond.nl
Tue Apr 21 17:45:10 EDT 2015


On 04/16/15 12:39, Hanno Böck wrote:
> On Wed, 15 Apr 2015 13:46:46 +0100
> Ian G <iang at iang.org> wrote:
> 
>> MRIs show our brains shutting down when we see security prompts
>>
>> This is your brain after repeated security warnings. Any questions?
> ... 
> And also this one, about MRI scans on dead fish:
> http://boingboing.net/2012/10/02/what-a-dead-fish-can-teach-you.html

Whether you scan people or dead fish, the problem remains. It's that we
force end-users to make a security decision that they are unable to
answer: Is it safe to continue or not?

Users have learned to click 'continue' at every roadblock, whether it's
safe or not. This study proves that.

Now if we had systems that were able to correctly verify if a certain
certificate was expected or not _and_ refuse connection when not, without
override options, then we would see some improvements in both security
and usability.

[objDisclaimer: I claim to design protocols that do just that.]

Regards, Guido Witmond.
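
A minimal sketch of the fail-closed check the message above asks for, as an added example that is not part of the original post or of the author's own protocols. The pin store, function names and exception are hypothetical, and SHA-256 pinning of the leaf certificate stands in for however a real system learns which certificate to expect.

```python
import hashlib
import hmac
import socket
import ssl


class UnexpectedCertificate(Exception):
    """Raised when the presented certificate is not the expected one."""


def fingerprint(der_cert: bytes) -> str:
    return hashlib.sha256(der_cert).hexdigest()


def check_expected(host: str, der_cert: bytes, pins: dict) -> str:
    """Return the fingerprint if it is pinned for host, otherwise raise.

    There is deliberately no 'force' or 'ignore' parameter: an unknown
    host or a mismatch fails closed, so no prompt is ever needed.
    """
    expected = pins.get(host.lower())
    if not expected:
        raise UnexpectedCertificate(f"no pinned certificate for {host}")
    seen = fingerprint(der_cert)
    if not any(hmac.compare_digest(seen, pin) for pin in expected):
        raise UnexpectedCertificate(f"certificate for {host} is not the expected one")
    return seen


def open_pinned(host: str, port: int, pins: dict) -> ssl.SSLSocket:
    """Open a TLS connection that only survives if the leaf cert is pinned."""
    ctx = ssl.create_default_context()  # normal chain and hostname checks still apply
    sock = ctx.wrap_socket(socket.create_connection((host, port), timeout=10),
                           server_hostname=host)
    try:
        check_expected(host, sock.getpeercert(binary_form=True), pins)
    except UnexpectedCertificate:
        sock.close()  # refuse the connection; the caller gets no way to continue
        raise
    return sock


# Constructed sample data: these byte strings stand in for DER certificates.
GOOD_CERT = b"constructed-der-bytes-for-example.org"
OTHER_CERT = b"constructed-der-bytes-from-an-interceptor"
PINS = {"example.org": {fingerprint(GOOD_CERT)}}
```
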
