The Internet is a dangerous place. We have tools to make it safer, but they go unloved and unused; by ordinary people, I mean, the ones who aren’t geeks. How can we fix that? Let’s look through some recent evidence; the conclusion is pretty obvious.
Two-factor · More generally, “multi-factor”: Sign-in with more than one piece of evidence. You may have noticed that pretty well any bank in the world will give you cash money when presented with a piece of plastic and a 4-digit number. OK, these days the plastic has an embedded chip, but still.
Two-factor is great! Put yourself in the bad guy’s shoes; not only does he have to steal or guess your password, he’s got to get his hands on something you carry around. Neither of these by itself is really horribly difficult, but the combination sure is.
So, 2-factor and we’re good to go, right? Well, wrong. As evidence I offer 2FA, the aftermath by Lauren Wood [Disclosure: my wife]. This is the sort of story that makes my former colleagues in Google’s Identity group weep bitter tears. Key out-take: “There are lots of people who don’t have a mental model of passwords or authentication, who see only the pain and not the gain.” Lots as in most.
Crypto · If everything were encrypted for transmission, and also while sitting up there on the server, this would make life seriously hard for the bad guys (and also for the overenthusiastic public servants in the National-Security community).
Fortunately, we have excellent encryption tools, built around a technology called OpenPGP; PGP or GPG for short. It’s woven on a loom of rigorous math, harder than diamonds; none of the people who are in a position to know think it’s been cracked. So we’re home free, right? Wrong. Consider Ed Snowden Taught Me To Smuggle Secrets Past Incredible Danger. Now I Teach You, by Micah Lee, the story of how the whistleblower and the journalists managed to get their secret back-channel going. Key out-take: “I tried to teach GPG to Greenwald but I had the same problem Snowden had encountered when he reached out in December, that Greenwald was busy and couldn’t focus on it.” Nobody has ever said Greenwald is dumb.
Try it for yourself! Here’s an excellent beginners’ introduction, PGP and You (PDF) by Caleb Thompson. If you’re a geek, go have a look. If you’re not, don’t bother… and that’s the problem.
The three big problems · Here’s the thing: We have authentication technology that’s good enough. We have encryption technology that’s good enough. So why aren’t our tools making the Internet safe?
User experience, and
There’s good news too. Unaccustomed as I am to praising Apple, let me do it for the second time this month. Steven Aquino, in On CVS and Rite-Aid Rejecting Apple Pay, writes “More than security and convenience, Apple Pay has another huge advantage: accessibility… In my case, as someone with low vision and (mild) cerebral palsy, no longer do I have to fumble around… All I do is pull my phone out of my pocket, rest my thumb on the home button, and I’m done.”
Wow! Once again, when you give something a good accessibility story, you usually do a favor for the more-fully-abled rest of us too.
Another good example is the YubiKey Nano. You jam it into a USB slot, forget it, and then when a program wants to know you’re there, tap it with your finger.
This is the level of user experience that every security technology needs. A wave and a finger; maybe at most a PIN. Ask for anything more, and people Just. Will. Not. Use. It. I don’t care how super-ultra-wonderful your security software is; if busy nontechnical people route around it, it’s garbage.
News from the front · I’ve been making teeny-tiny contributions toward chipping away at the coalface. I’ve mentioned this before, but check out the “Sending” and “Receiving” screencasts; the OpenKeychain team is trying hard to make Android crypto software for everyone. They’re not there yet; among other things, you can still see the encrypted payload, which is useful to exactly no-one.
If you want a real taste of usability work, check out this discussion of what (if anything) it means to “certify” an encryption key, and whether/how ordinary people should be offered the chance to do this.
There’ll come a time when we can work on the finer points of the security UX, run studies, that kind of thing. For now, we need to focus on removing big stinky ugly obstacles.
UX is hard · Harder than the hard math that goes into crypto. Harder than the hard problem of figuring out who the human is that your software is interacting with.
But since the tech behind the UX is pretty good, every little bit we manage to improve the experience should yield noticeable payoff across the whole system. Working on this stuff feels like a high-impact investment.
Comment feed for ongoing:
From: dave (Oct 28 2014, at 21:10)
My dad can use MacOSX and iOS reasonably well, but can't remember passwords at all. I've tried setting up 1Password for him but he can't remember how to use it effectively. Now passwords go in a notebook he carries with him.
And even Apple's 2-factor iCloud authentication doesn't always work in an acceptable way. I tried turning it on several times, only to be stymied by NEVER getting the SMS message from Apple [still have NO idea why you MUST have at least one device that can receive SMS messages, even if you don't use SMS for authentication]. Even the dialog says there is a way to go past it without getting an SMS message, but I couldn't figure it out [BSc Computer Engineering, been using Apple's almost exclusively for about 30 years]. Turns out Bell turned off short-code SMS messages, so after 1/2 hour of figuring out how to turn them back on, I finally could enable 2-factor auth.
From: PB (Oct 30 2014, at 01:59)
OT, but I'm of a mind to start calling some of those public servants you mention "private servants", for that is what they have become.
Not all, by any means; nor do I mean to disparage public service. But we're reaching the point where our language -- OK, rhetoric -- needs to better reflect the reality. Pointedly, with respect to certain individuals and positions.
And... To bring this comment full circle, if they can and do act privately, then so should we.
From: J. King (Oct 30 2014, at 12:23)
I was curious about the guide you linked to by Caleb Thompson, but it has obvious failures from the very start of the first page: it assumes you're running Mac OS X (I run Windows), it assumes you'll have Homebrew installed (I'd never even heard of it before now), and it assumes the first two assumptions are obvious (they're really not). Sheesh. No wonder no one encrypts anything, if even friendly guides are so obscure right out the gate.