User Insecurity

Two recent articles highlight what is probably old news to most security professionals: the weakest security link is the user. This is why it’s important to help users help themselves. They aren’t security (or privacy) experts. This is especially true when something circumvents what users trust to be a secure connection (i.e. a supposedly helpful man in the middle). I find it especially interesting that most users, who view going to a webpage as a very solitary and private experience, aren’t even aware of all the other users who can go to the same website as them. This is why they choose “password” as their password: for them, they are alone in going to the site, and no one is around to see them type in “password.” They just aren’t cognizant that other people might try to type in their username and “password.”