Jakob Nielsen's AlertBox is a good source of cranky, well-structured rants about what's wrong with the interaction design online. This week's is about security, and why user-education is not the answer. Our tools conspire against us to make us less secure, and if we're to be made more secure, our tools will have to be enlisted to work on our behalf. I'm particularily enamoured of recommendation number one: I think that "Encrypt Everything" should be the watchword of the security movement.
So many systems — from Yahoo's login screen to most ISP-provided POP mail to iChat/AIM to all those reg-required news-sites — default to you sending your password in the clear or even require you to do it, it's a crine shame.
Especially given how many passwords we need to generate these days and the concomittant inevitability of recycling passwords, which means that your throwaway NYT-LAT-WashPo password, which you send in the clear every time you login to one of those sites, may suddenly become associated with your credit-card number when you buy access to an article out of the NYT archive. Now you're sending a password that unlocks limited spending authority on your credit-card in the clear, potentially several times a day. Gee, thanks, NYT.
# Encrypt all information at all times, except when it's displayed on the screen. In particular, never send plaintext email or other information across the Internet: anything that leaves your machine should be encrypted.
# Digitally sign all information to prevent tampering and develop a simple way to inform users whether something is from a trusted source. This might, say, replace current stupid security warnings that people don't understand because they expose the guts of the technology. ("The security certificate has expired or is not yet valid." Aha. And what does that mean to a normal person?)
# Turn on all security settings by default since most people don't mess with defaults. Then, make it easy to modify settings so that users can get trusted things done without having to open a wide hole for everybody.
# Automate all updates. Most virus software downloads new virus definitions in the background, which is a good first step. The automated patching introduced with Windows XP's SP2 is also an improvement.
# Polish security features' usability to a level far beyond anything we've seen so far. Security is inherently complicated, and it's something users don't care about (until it's too late). The user interface requires the ultimate in simplicity. Heavy user testing and detailed field research are a must.
Update: In fact, if you look at the source code for login.yahoo.com (for the
"standard" security) you'll see that the form uses:<form method=post
action="https://login.yahoo.com/config/login?cm3nqsgq0mv6j"
autocomplete=off name=login_form onsubmit="return
hash(this,'http://login.yahoo.com/config/login')"> What that does is if you have javascript enabled, it creates an MD5
hash of your password (plus an included challenge) and sends that along
with your userid. If you don't have javascript, it defaults to sending
everything via https. Effectively your password is never broadcast in
the clear, only your userid, which is public information anyway.
