[liberationtech] Schneier: Focus on training obscures the failures of security design

Louis Suárez-Potts luispo at gmail.com
Wed Mar 27 20:08:47 PDT 2013


Doesn't this paragraph—below—sort of make intense discussion moot? I mean, if passwords are so last century, and if training is focused on getting workers to use already obsolete techniques that do nothing to secure against real threats, then… where's the discussion? If the premise is correct, then the conclusion follows as Schneier states. I'd use a different analogy, of course. Just as duck and cover would probably have been as effective as putting a duck under cover (with orange sauce, I hope), so too…

In fact, like duck and cover, training is a spend that defrauds, and what does matter is intrinsically good design. And that's as true for security as usability as accessibility as interoperability. What's more, good design, the sort that defends privacy (and what else is a security breach but an intrusion, or invasion of privacy?), also promotes democrac

louis


On 13-03-27, at 19:45 , Carol Waters <wish117 at gmail.com> wrote:

> On the other hand, password advice from 10 years ago isn’t relevant today (PDF). Can I bank from my browser? Are PDFs safe? Are untrusted networks OK? Is JavaScript good or bad? Are my photos more secure in the cloud or on my own hard drive? The “interface” we use to interact with computers and the Internet changes all the time, along with best practices for computer security. This makes training a lot harder.



