Latest from me at Wired:
Staying secure online is a pain. If you really want to protect yourself, you have to create unique passwords for every web service you use, turn on two-factor authentication at every site that supports it, and then encrypt all your files, e-mails, and instant messages.
At the very least, these are tedious tasks. But sometimes they’re worse than tedious. In 1999, researchers at Carnegie Mellon University found that most users couldn’t figure out how to sign and encrypt messages with PGP, the gold standard in e-mail encryption. In fact, many accidentally sent unencrypted messages that they thought were secured. And follow-up research in 2006 found that the situation hadn’t improved all that much.
As many internet users seek to improve their security in the wake of ex-government contractor Edward Snowden exposing the NSA’s online surveillance programs, these difficulties remain a huge issue. And it’s hard to understand why. Do we really have to sacrifice convenience for security? Is it that security software designers don’t think hard enough about making things easy to use—or is security just inherently a pain? It’s a bit of both, says Lorrie Cranor, an expert in both security and usability and the director of Carnegie Mellon’s CyLab Usable Privacy and Security Laboratory, or CUPS for short. “There isn’t a magic bullet for how to make security usable,” she says. “It’s very much an open research project.”
(I don’t care for that headline — there’s not really much evidence that this is necessarily going to change anytime soon)