Why Convenience Is the Enemy of Security
Convenience or security: pick one. It’s actually not that cut and dried, but it is a sliding scale that requires finding the right balance between the two. Tools that make your life more convenient also tend to make it less secure. Technologies that make you more secure are also generally inconvenient.
Think about your house. It would be convenient if the door didn’t even exist and you could just walk in. But you also want some privacy, and you want to prevent roaming animals and random strangers from entering, so you have a door. Of course, other people can also open the door, so you have to go a step further and put a lock on the door. Now your home is more secure, but you have to unlock and open the door in order to enter.
That seems like an acceptable balance. It has been embraced as a societal norm, and nobody really stops to think or complain about the “inconvenience” of closing and locking the door. We haven’t yet achieved that sense of convenience / security equilibrium in the digital world.
Strong password security causes almost as many problems as it solves. Everyone knows they’re not supposed to use the word “password”, or the name of their pet, as their password. But creating long passwords composed of uppercase and lowercase letters, numbers, and special characters means they’re also harder to remember. Complex passwords lead to more users locking themselves out of their own accounts, or finding ways to undermine the password policy and choose easily cracked passwords in spite of the rules.
New mobile platforms and desktop operating systems are starting to implement facial recognition as a means of logging in. Just look into the camera and the system will recognize you and spring to life. It’s all very “2001: A Space Odyssey” or “Star Trek”.
There’s no arguing with the fact that it would be convenient for your devices to simply recognize you without any further interaction on your part. But, how can the system really know it’s you? What if someone has a nice headshot of you that they hold up to the camera? Unless the system includes a failsafe to ensure the face it detects is connected to a living, breathing person, that convenience could be an Achilles heel for security.
One of the simplest solutions is two-factor authentication. Go ahead and use a password that’s easier to remember, but also require a PIN from your mobile phone to be entered. Feel free to embrace facial recognition, but also require a password or fingerprint scan to unlock the system.
Is it convenient? No, not really. But, is it an acceptable level of inconvenience for the amount of security it provides? Yes, probably. Think of it like shutting and locking the door on your house.