Usability And Security - The Messy Art Of Kaizen



When it comes to computers, usability and security do not always go together. In most cases, the simpler a system is to use, the weaker its security. Hackers use more sophisticated tools every day. Thus, people in charge of security systems and online interactions are eager to keep up to date, but providing optimal protection raises another problem: usability.

Imagine that it is not necessary to enter your password to access your mailbox. It would be really easy for users - in terms of usability - but the security level would be low. On the other hand, if we have to enter a password, decipher an encrypted code and enter a single-use code (sent to our mobile phone via SMS), the security level would be optimal, but we could not say the same for the level of usability.

Security protocols have three basic measures: first, to prevent unauthorized access to system information; second, to ensure that only authorized users have access to the system information; third, to ensure that the system is available to authorized users. This means that ideal security is the kind that protects the devices and the information they contain, while ensuring that users can browse safely on the Internet and that they have access to the protected information they have stored.

Usability and security are, in fact, areas of science and information technology, known in the academic world as HCISec (security and “man-machine interaction”). As we mentioned before, it’s an endless battle. One study says there is an inherent conflict of interest between users and system developers: for users, the highest priority is ease of handling, while developers care about the security of the system.

“It is unrealistic to believe that usability and maximum security can be achieved in all systems,” writes the study’s author. “In most systems there will be a compromise between security and usability. The goal is to minimize threat scenarios as much as possible, and to maximize accessibility to usage scenarios. A useful system minimizes unintentional errors, while a secure system is designed to avoid or reduce unwanted actions in a system.”

This means that the ideal system is one that will be as good for the user as it is for the system administrator. It will also prevent hackers from taking advantage of either of them. But since this ideal is impossible for now, we continue the search for perfection.