Stop Trying to Fix the User

Security Design: Stop Trying to Fix the User by Bruce Schneier (schneier.com)
We must stop trying to fix the user to achieve security. We'll never get there, and research toward those goals just obscures the real problems. Usable security does not mean "getting people to do what we want." It means creating security that works, given (or despite) what people do. It means security solutions that deliver on users' security goals without­ -- as the 19th-century Dutch cryptographer Auguste Kerckhoffs aptly put it­ -- "stress of mind, or knowledge of a long series of rules."
Old (by Internet standards) but still relevant.

One response on “Stop Trying to Fix the User”

Mentions

  • Duncan Stephen

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.