The Internet is a dangerous place. We have tools to make it safer, but they go unloved and unused; by ordinary people I mean, the ones who aren’t geeks. How can we fix that? Let’s look through some recent evidence; the conclusion is pretty obvious.
Two-factor · More generally, “multi-factor”: Sign-in with more than one piece of evidence. You may have noticed that pretty well any bank in the world will give you cash money when presented with a piece of plastic and a 4-digit number. OK, these days the plastic has an embedded chip, but still.
Two-factor is great! Put yourself in the bad guy’s shoes; not only does he have to steal or guess your password, he’s got to get his hands on something you carry around. Neither of these by itself is really horribly difficult, but the combination sure is.
So, 2-factor and we’re good to go, right? Well, wrong. As evidence I offer 2FA, the aftermath by Lauren Wood [Disclosure: my wife]. This is the sort of story that makes my former colleagues in Google’s Identity group weep bitter tears. Key out-take: “There are lots of people who don’t have a mental model of passwords or authentication, who see only the pain and not the gain.” Lots as in most.
Crypto · If everything were encrypted for transmission, and also while sitting up there on the server, this would make life seriously hard for the bad guys (and also for the overenthusiastic public servants in the National-Security community).
Fortunately, we have excellent encryption tools, built around a technology called OpenPGP; PGP or GPG for short. It’s woven on a loom of rigorous math, harder than diamonds; none of the people who are in a position to know think it’s been cracked. So we’re home free, right? Wrong. Consider Ed Snowden Taught Me To Smuggle Secrets Past Incredible Danger. Now I Teach You, by Micah Lee, the story of how the whistleblower and the journalists managed to get their secret back-channel going. Key out-take: “I tried to teach GPG to Greenwald but I had the same problem Snowden had encountered when he reached out in December, that Greenwald was busy and couldn’t focus on it.” Nobody has ever said Greenwald is dumb.
The three big problems · Here’s the thing: We have authentication technology that’s good enough. We have encryption technology that’s good enough. So why aren’t our tools making the Internet safe?
User experience, and
There’s good news too. Unaccustomed as I am to praising Apple, let me do it for the second time this month. Steven Aquino, in On CVS and Rite-Aid Rejecting Apple Pay, writes “More than security and convenience, Apple Pay has another huge advantage: accessibility… In my case, as someone with low vision and (mild) cerebral palsy, no longer do I have to fumble around… All I do is pull my phone out of my pocket, rest my thumb on the home button, and I’m done.”
Wow! Once again, when you give something a good accessibility story, you usually do a favor for the more-fully-abled rest of us too.
Another good example is the YubiKey Nano. You jam it into a USB slot, forget it, and then when a program wants to know you’re there, tap it with your finger.
This is the level of user experience that every security technology needs. A wave and a finger; maybe at most a PIN. Ask for anything more, and people Just. Will. Not. Use. It. I don’t care how super-ultra-wonderful your security software is; if busy nontechnical people route around it, it’s garbage.
News from the front · I’ve been making teeny-tiny contributions toward chipping away at the coalface. I’ve mentioned this before, but check out the “Sending” and “Receiving” screencasts; the OpenKeychain team is trying hard to make Android crypto software for everyone. They’re not there yet; among other things, you can still see the encrypted payload, which is useful to exactly no-one.
If you want a real taste of usability work, check out this discussion of what (if anything) it means to “certify” an encryption key, and whether/how ordinary people should be offered the chance to do this.
There’ll come a time when we can work on the finer points of the security UX, run studies, that kind of thing. For now, we need to focus on removing big stinky ugly obstacles.
UX is hard · Harder than the hard math that goes into crypto. Harder than the hard problem of figuring out who the human is that your software is interacting with.
But since the tech behind the UX is pretty good, every little bit we manage to improve the experience should yield noticeable payoff across the whole system. Working on this stuff feels like a high-impact investment.