Zero-sum: Simple vs. Secure
Are there any examples where there isn’t any tradeoff between simple and secure? I don’t think so.
Some of the best new ideas to simplify security only mitigate complexity or still sacrifice some security.
One example is sending a link to sign in instead of requiring a password. It's definitely nicer than having a password, but it still relies on the email account or phone being password protected. It also sacrifices security, through longer sessions or simply because most people leave their email signed in.
Another example is Touch ID. I can’t imagine going back to a mobile phone without it. However, there are still a number of times where it fails to read my fingerprint or requires my password (e.g. on restart, after X time period). Not to mention the obvious hack of forcing the fingerprint. It’s a step in the right direction, but there are always tradeoffs.
The amount of information stored digitally requires that security measures be taken. But has fear-mongering pushed this too far? It comes at the sacrifice of simple, easy-to-use systems. As I was reminded recently by using Bluetooth headphones, there’s a freedom that comes from simplicity. It’s a zero-sum game and simplicity is losing.
Originally published at simprod.wordpress.com on January 10, 2016.