Don Norman: Designing For People

Nielsen Norman Group

Secrets & Lies: Digital security in a networked world.

— In the end, security depends upon people. You can have the most powerful encryption in the world, but the weak link is the systems, procedures, and people who implement them.

There is a nasty tradeoff between ease of use (and systems appropriate for people) and systems that are safe, secret, and secure. Practice so-called "good" security, and you end up with unlearnable passcodes. Worse, with dozens of unlearnable codes, each of which should be changed monthly. What do people do in those cases? They either change the codes to simple phrases (or their address, birthdays, or pet's name), or they write them down, tape them to their computers, and otherwise manage to survive. In other words, the more secure you make the security, the less secure the system.

This is why, end to end, only a biometric system will work. But think of the horrors there. If your retinal code is once misused or misappropriated, you may never ever be allowed to log on, or to buy anything.

(Also see "Crypto," above.)

Pointer to the book at >