Most systems still only offer username/password authentication, and most people are still happy to use it, even though everyone knows (for example, through daily media headlines) that there are pervasive user access security problems with it.
Why don't people use certificate-based access authentication?
This question is important for email security and also in other areas, such as web site and blog access.
We suggest that a proper answer requires thinking that has to be much more nuanced and sophisticated than just a discussion of usability versus security.
Such thinking should come also from analyzing online and offline feedback, as we need to approach the question as it is seen -- from many sides.
We have taken this approach in our paper, now updated, at http://email-security.net/papers/takefive.htm
Please provide your comment. You can also Read the Compact Version
Thank you!
Ed Gerck
Welcome to Email-Security. This is a technical development forum dedicated to a fresh exploration of the Internet email security issues of today, with website at http://email-security.net. Comments and paper contributions on the theme of email security are welcome. Papers will be peer-reviewed before publication. Product and service listings are also welcome, see website.
Saturday, December 19, 2009
Friday, November 13, 2009
Let's "Take Five" In Internet Security
With everything that is happening (and not happening) in Internet security today, and all its complexity, it is perhaps useful to stop our busy day and take a little time out to start a conversation and question a couple things.
The worst Internet security problem for users today is not email or even about email, however it deeply affects email security. We are talking about the security and usability of Internet user access control systems. This problem is well-known but we meekly accept it "as it is" everyday.
But the paradigm may shift in five minutes. We find that, surprisingly, to tackle this problem we just need to take five minutes to go over five frequently asked questions. And that is our invitation to read the paper and provide your comment at http://email-security.net/papers/takefive.htm
You can also Read the Compact Version
Thank you!
Ed Gerck
The worst Internet security problem for users today is not email or even about email, however it deeply affects email security. We are talking about the security and usability of Internet user access control systems. This problem is well-known but we meekly accept it "as it is" everyday.
But the paradigm may shift in five minutes. We find that, surprisingly, to tackle this problem we just need to take five minutes to go over five frequently asked questions. And that is our invitation to read the paper and provide your comment at http://email-security.net/papers/takefive.htm
You can also Read the Compact Version
Thank you!
Ed Gerck
Subscribe to:
Posts (Atom)