As mentioned last month, the security-convenience trade-off in computer security is radically different from traditional locks and keys. Regular users are so habituated to door keys that they don't even think of the trade-offs! Keys are so easy to use that nobody bothers to make them "easier" with the equivalent of Single Sign On (just imagine asking your boss to re-key the office door and all the file cabinets just so you could use the same key for work as well as your home and car - it would be preposterous).
The cyber security-convenience trade-off could be radically re-jigged if we adopted serious physical keys for our computing devices. The usability dilemma online is really all about human factors engineering.
It's instructive to look at the evolution of door locks. For centuries we've used the same basic form factor: as the Oxford dictionary puts it, "a small piece of shaped metal with incisions cut to fit the wards of a particular lock, which is inserted into a lock and turned to open or close it".
The UX is universal, while under the covers, security R&D has spawned long and steady improvement.
And the most recent smart car keys still have a mechanical emergency key for when the electronics fail!