In a choice between security and convenience, convenience will win every time.
- some rando on the internet
When trying to pitch some users on not leaving their passwords on a sticky note on their monitors, I was going to use the example of "you wouldn't tape your house keys to your front door". But before the words could leave my mouth I remembered a past house-call customer who did exactly that.
The moral of the story is when planning for security, you either need to make the cost of shortcutting enormous and immediate (think firing w/perp-walk out the door) or more convenient than shortcutting. The first is obviously unpopular with most, and the second is a huge PITA for devs who will also choose convenience by offloading to MFA-in-a-box and shouting "let them eat TOTP apps and choose traffic lights!".
Damn, this started as a funny story about security and ended in mild depression... 😭
Replies (3)
This is a random question. But is there a middle ground? Something that requires work but is more convenient. I think the challenge would be not to slide into more and more convenience. But I feel like the middle way would get more traction from those who pay attention.
There are some that try; for example Cloudflare has a replacement for CAPTCHAs that doesn’t require any interaction from the user (linked below). It’s also roughly the same amount of work for devs to implement. The problem is that if the service goes down or the dev’s implementation breaks, the dev’s bosses will come screeching into their office asking why their paying customers can’t access the page and demand the security be removed, for convenience sake (ask me how I know 😶).
I guess my opinion is that when it comes to security and convenience, there is no middle ground for the majority of people. There are some users who value security and will seek it out, and some builders who will relentlessly push for it at all costs (lovingly tagging nostr:npub12ctjk5lhxp6sks8x83gpk9sx3hvk5fz70uz4ze6uplkfs9lwjmsq2rc5ky, makers of the legendary Coldcard and other security-first products). Everyone else will make like entropy and slowly (or quickly) drift toward convenience.
I wish I was more technical to make use of better security. I definitely gravitate towards convenience.
