Busting the Myth that Security has to be Complicated


Burst your bubble

When you think about security, “user-friendly” probably isn’t the first term that comes to mind.

Digital security is complicated, confusing and sometimes nearly impossible to understand. This leads to two common misconceptions:

  • Security is hard to use because it’s complicated, and
  • There’s always a tradeoff between security and usability.

Let’s go ahead and bust these myths.

Myth #1: Security is hard to use because it’s complicated

Security, by its nature, is extremely complex.

Take cryptography, the study of secure communication in the presence of third parties. The fact that we can instantly connect to someone halfway around the world and send messages that can only be read by us and the recipient is nothing short of incredible.

Consider the following scenario: You’re at a crowded party and want to tell your friend across the room that you want to leave. You have to make sure that no one else at the party finds out; they’ll tell the host, who will be offended. To make things worse, you and your friend haven’t established any secret signals or codes ahead of time. Everyone can see and hear everything you do, but you have to make sure that only your friend understands what it means. That’s essentially what cryptography does, and the “magic” behind it is extremely complicated.

But just because something is complex doesn’t mean that it has to look and feel complex.

The math behind cryptography is absolutely mind-blowing, but the best secure products don’t look complex at all; in fact, they hide the complexities to create a great user experience.

I regularly use BBM Enterprise (formerly known as BBM Protected) with one of the designers to discuss confidential projects. I know that it’s the most secure instant messaging app out there, providing three layers of encryption, but that’s not why I use it; I use BBM Enterprise because it looks, feels and acts just like the normal BBM that I know and love. Quite literally, the only visible difference is that my messages appear in blue to remind me that the conversation is protected above and beyond the standard BBM encryption.

Myth #2: There’s always a trade-off between security and usability

There’s a common misconception that security and usability are natural enemies. Not only is this incorrect, but it leads to poor design decisions that hurt both security and usability. Let’s take a look at everyone’s favorite security topic: Passwords.

Passwords are the de facto standard for online authentication, but they’re also one of the biggest security risks. We’ve seen high-profile examples where weak passwords were exploited to gain access to very sensitive information, photos, etc. Many security “experts” like to blame the user: “If you don’t use a long, unique password with random letters, numbers and symbols for every single account and change it every 30 days, it’s your own fault.”

But we naturally use technology to get things done; if security gets in the way, we find a way around it. We don’t use weak passwords because we’re lazy; we use them because we’re human. That means the fundamental problem with passwords is not security – the problem with passwords is usability. Making passwords easier to type and remember encourages more people to use them, which in turn improves their overall security.

BlackBerry helps to protect you even if you don’t have a strong password. If your device gets lost or stolen, you can log in to https://protect.BlackBerry.com from any web browser and instantly send a command to wipe all of your data. If someone gets a hold of the device before the command arrives, they have 10 tries to guess the password before the device automatically wipes. The odds of brute-forcing a 4-character lowercase password in 10 tries are around 0.002%: 10 guesses out of 26^4 = 456,976 possible passwords, if every combination is equally likely.

Strong passwords are always more secure, but security architects need to understand that people aren’t walking password databases. Bad designers blame the user; good designers fix the problem.

Reality: Simple security makes you happier and more secure

When I started at BlackBerry, one of my pet peeves was logging on to VPN. I always had to carry around a VPN token and type in a 6-digit code in addition to my VPN password. The code changed every 30 seconds, so I had to time it right or my code wouldn’t be accepted. What started as a small annoyance turned into a big pain when I lost the token (twice). Now with VPN Authentication by BlackBerry, my BlackBerry smartphone is my VPN token. Better yet, I can use BlackBerry Blend to securely work on just about any tablet or computer. That makes me more productive on the road and gives me more flexibility to do my job anytime, anywhere.

Technology is always evolving and BlackBerry is at the forefront of mobile innovation. Between securing Android, iOS, Windows Phone and BlackBerry smartphones and tablets with BES12, partnering with Samsung to provide end-to-end security for KNOX devices, and working with Google to support Android for Work, we’ve seen incredible changes in the mobile market over the past year. But no matter how much things change, one thing will stay the same: the underlying security of BlackBerry that makes these mobile experiences simple and easy to use.

Let me know your thoughts in the comments below or on Twitter with #BBSecurity. If there are other security topics you’d like to learn about, I’d love to hear from you.

About Alex Manea

Alex Manea is the Director of BlackBerry Security. He is a founding member of the group that has made BlackBerry synonymous with mobile security. Alex has looked after BlackBerry product security for over 9 years, including BlackBerry smartphones, BES and BBM. He is a Certified Software Security Lifecycle Professional and has an Honors degree in Systems Design Engineering from the University of Waterloo.
