- From: James A. Donald <jamesd@echeque.com>
- Date: Wed, 21 Jun 2006 19:32:29 +1000
- To: "James A. Donald" <jamesd@echeque.com>, public-usable-authentication@w3.org
--
Thomas Roessler wrote:
> With respect to usability, this approach to scoping
> quite consciously pushes one of the really hard
> problems to the sidelines for the moment: How do you
> get users out of routine? How do you wake them up, so
> they become vigilant in the first place?
A solution that requires users to be vigilant is
unlikely to succeed. Security *should* be routine. If
it requires conscious thought, it is a bug.
> But please don't repeat over and over (together with
> Chris Drake) that "the problem can't be broken into
> pieces." This is not helpful at all.
Of course the problem can be broken into pieces - but
not pieces that suit application and organizational
boundaries.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
KR7GR+AE0d5uqnofH6Cx4xQvR0yE8EtGMjoH7pOG
4zNjtYPLN+Yo6Q4t6wRSlaGZIGoI/lTg9LqG0nP3t
Received on Wednesday, 21 June 2006 09:32:35 UTC