Re: Is the padlock a page security score?

----- "Dan Schutzer" <dan.schutzer@fstc.org> wrote:
> I am not sure. If there were scores and competing services so that I
> had a choice then security might actually improve. Suppose I had two
> competing social networks with vastly different security scores; for
> example, One with a 70 and one with a 90 security score – I just might
> not use the service with the 70 security score. Perhaps if we had
> reliable scores and people started picking one service over another
> based upon the scores, we might get services that are more serious
> about security.

I don't think that's where the problem exists, though. It's not the case that people are trying to choose between which of N different social networking sites they want to work with (they'll go to the ones that their friends are using).

Where the number *would* come in handy is when they're used to seeing a "72" for their bank or online shopping site, but all of a sudden they see a "38". It's the change in the security values that become interesting. At that point, though, why would we require that the user remember that theirshoppingsite.com is usually a 72, but all of a sudden became a 36. Why would we not, instead, just alert them to the fact that there's something suspicious, and they shouldn't use the site at this time (with links to more detail for those who wish to know what tipped us off).

Again I say: the message needs to be meaningful and actionable. A summary statistic isn't thus.

(Earlier we talked about 70% chance of rain, and I applauded it as an interesting analogy. I realize, actually, that the liklihood of rain isn't the same as a summary statistic for security, as rain is one aspect of the weather. A more appropriate analogy would be if weather reports told us that tomorrow would be "72% nice".)

cheers,
mike

Received on Friday, 11 January 2008 04:33:19 UTC