Saturday, December 19, 2009

Why don't people use certificate-based access authentication?

Most systems still only offer username/password authentication, and most people are still happy to use it, even though everyone knows (for example, through daily media headlines) that there are pervasive user access security problems with it.

Why don't people use certificate-based access authentication?

This question is important for email security and also in other areas, such as web site and blog access.

We suggest that a proper answer requires thinking that is much more nuanced and sophisticated than a discussion of usability versus security alone.

Such thinking should also come from analyzing online and offline feedback, as we need to approach the question as it is seen -- from many sides.

We have taken this approach in our paper, now updated, at http://email-security.net/papers/takefive.htm

Please provide your comment. You can also read the Compact Version.

Thank you!
Ed Gerck

Friday, November 13, 2009

Let's "Take Five" In Internet Security

With everything that is happening (and not happening) in Internet security today, and all its complexity, it is perhaps useful to stop our busy day and take a little time out to start a conversation and question a couple of things.

The worst Internet security problem for users today is not email, or even about email; however, it deeply affects email security. We are talking about the security and usability of Internet user access control systems. This problem is well known, but we meekly accept it "as it is" every day.

But the paradigm may shift in five minutes. We find that, surprisingly, to tackle this problem we just need to take five minutes to go over five frequently asked questions. And that is our invitation to read the paper and provide your comment at http://email-security.net/papers/takefive.htm

You can also read the Compact Version.

Thank you!
Ed Gerck