Security needs usability
by Volker Weber
This is the top line of my iPhone apps. I consider all of them secure. I would only need iMessage (Messages) if all my contacts had iPhones. Around here everybody is on WhatsApp, which is fine as well. And then there are those that don't want to touch Facebook, and that brings me to Signal.
What's so great about these programs? End-to-end encryption by default, and there is nothing I need to do. It's always turned on. And there is no password. Messages comes with your iPhone, and setting up WhatsApp or Signal just requires your phone number.
Before we had Touch ID, nobody had passwords on their phones. I mean nobody but those on enterprise devices with their stupid password policies: eight characters, at least one capital letter, a number and a special character. Touch ID made the problem disappear. You just touched the fingerprint reader and entered the password every three days instead of a hundred times each day.
You are getting the drift, right? Better usability leads to more security. Let's revisit the password policy. How about this? Make it long. Take three words that are easy to remember and build one nonsense phrase from them. "horserainflipper" - that is 16 chars and easier to remember than "78Dumbo=" which fits most enterprise requirements.
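An added illustration of the point above (example code written for this page, not the author's): the typical enterprise policy accepts "78Dumbo=" and rejects "horserainflipper", while a plain brute-force search-space estimate ranks the longer phrase far higher. The character-class sizes and the two sample passwords are the only inputs; the estimate ignores dictionary attacks, so treat it as a comparison of length versus complexity rules, not an absolute strength score.

```python
import math
import string

# The two sample passwords from the post, used as constructed input.
ENTERPRISE_PW = "78Dumbo="
PASSPHRASE = "horserainflipper"


def meets_enterprise_policy(pw: str) -> bool:
    """The policy described in the post: at least eight characters,
    one capital letter, one digit and one special character."""
    return (len(pw) >= 8
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))


def charset_size(pw: str) -> int:
    """Size of the union of standard character classes the password draws from."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return size


def brute_force_bits(pw: str) -> float:
    """log2 of the search space for an attacker who knows only the
    length and the character classes used (not that the phrase is made of words)."""
    return len(pw) * math.log2(charset_size(pw))


def compare(pw: str) -> dict:
    """Policy verdict next to the search-space estimate, for one password."""
    return {"password": pw,
            "policy_ok": meets_enterprise_policy(pw),
            "bits": round(brute_force_bits(pw), 1)}


if __name__ == "__main__":
    for pw in (ENTERPRISE_PW, PASSPHRASE):
        print(compare(pw))
```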
Which leads us to email. No security here. Nobody encrypts anything, end-to-end. Yes, there is PGP and there is S/MIME, but guess what, you now have a new problem: key management. Nobody has time for that, and if they had, they would fail on OpSec. (Look it up.) How could we make email encryption work? Solve the key management problem on the operating system level, across all operating systems. Not going to happen.
There is a reason I don't have a PGP key. Want a secure channel to me? Use my phone number and one of the programs in the picture above.
Comments
There are approaches to make e-mail encryption with GPG just as "easy" to use as it is in WhatsApp/Signal etc., including Web Key Directory, i.e. automatic lookups of public keys, and even across providers.
The keys live in the browser. They have to be backed up in the browser, and if you switch or are careless you lose the previous communication - so really exactly the way it is in messengers today.
Will it work? Yes, it will. Will it hurt? Yes, of course. Will it catch on? That depends entirely on who plays along.
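Added example (not part of the comment above or the post) of what the Web Key Directory lookup the comment mentions, and that Volker later calls "the easy part", actually consists of: a client derives the lookup URLs purely from the recipient's address, hashing the lower-cased local part with SHA-1 and z-base-32 encoding it, as the OpenPGP Web Key Directory draft specifies. The address "Joe.Doe@Example.ORG" is the draft's own test vector; no network request is made here.

```python
import hashlib
from urllib.parse import quote

# z-base-32 alphabet as used by the OpenPGP Web Key Directory draft.
ZBASE32_ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32_encode(data: bytes) -> str:
    """Encode bytes as z-base-32 (5 bits per symbol, no padding characters)."""
    bits = "".join(f"{b:08b}" for b in data)
    out = []
    for i in range(0, len(bits), 5):
        chunk = bits[i:i + 5].ljust(5, "0")  # pad the final partial group with zeros
        out.append(ZBASE32_ALPHABET[int(chunk, 2)])
    return "".join(out)


def wkd_hash(local_part: str) -> str:
    """WKD hashes the lower-cased local part with SHA-1 and z-base-32 encodes
    the 20-byte digest, giving exactly 32 characters."""
    digest = hashlib.sha1(local_part.lower().encode("utf-8")).digest()
    return zbase32_encode(digest)


def wkd_urls(address: str) -> dict:
    """Return the two lookup URLs a WKD-aware client derives from an address.
    Clients try the 'advanced' method first and fall back to 'direct'."""
    local_part, domain = address.rsplit("@", 1)
    domain = domain.lower()
    hashed = wkd_hash(local_part)
    # The draft requires the unmodified local part in the ?l= query parameter.
    query = "?l=" + quote(local_part, safe="")
    return {
        "advanced": f"https://openpgpkey.{domain}/.well-known/openpgpkey/"
                    f"{domain}/hu/{hashed}{query}",
        "direct": f"https://{domain}/.well-known/openpgpkey/hu/{hashed}{query}",
    }


if __name__ == "__main__":
    for method, url in wkd_urls("Joe.Doe@Example.ORG").items():
        print(f"{method}: {url}")
```

Note that this only locates a public key; the private key still lives wherever the user's client keeps it, which is the part WKD does not touch.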
Very interesting. I tend to agree.
Out of interest, have you considered Telegram? If so, is there any particular reason you don’t opt for it or wouldn’t recommend it?
Also, on the email security point (as this is something I am thinking about currently) do you host your own email or use a service such as Outlook or Gmail? Thank you.
Oops, sorry for switching languages. Follow the link to WKD (web key directory) and you will get the bigger picture.
I am using Threema. I like it a lot. Better than Signal actually.
WhatsApp I don't use. Not for any particular reason. I just don't want another messenger. And their terms are a little worrying. ;)
Kambiz, I never considered Telegram.
You can use any app you like, Johannes. If you want to talk to me, you will have to pick one of the three I am offering. ;-)
Stefan, nobody is going to hurt themselves. And with nobody I mean a tiny fraction of users. WKD is trying to fix the easy part. The hard part is managing the private key across a multitude of devices and user agents, completely transparent to the user.
Stefan, and with user agents I mean it has to work in the default apps on Android, iOS, macOS and Windows. S/MIME is the only thing that has a tiny chance of hitting that target.
It's not going to happen if the user has to think about it at all.
Heise just had a comment on this topic (in Germany) yesterday:
PGP has its uses. I use it to exchange materials with other companies where a Signal connection would not be appropriate. Not high in the usability charts for sure, but needs must.
The other day I failed at installing an e-mail archive for a smaller company because some users used encryption in their mails. To fit legal requirements, I would have to store unencrypted mails, but no software can do this. Key management fail. The only solution seems to be an in-house mail gateway that encrypts/decrypts mails, leaving internal communication unencrypted so that an archiving solution can grab everything. This is broken by design.
In companies, gateway-based mail encryption/decryption is the way to go. Central key management, no additional software/configuration needed at the client, policy-based encryption with no user impact, and mails are unencrypted in the internal network, so they can be archived and scanned for malware.
"Better usability leads to more security."
This is profoundly incorrect.
Good security is *hard*, and making good security usable is even harder.
Apple does a really good job on security, but only because they put a LOT of time and effort into it.
@Craig: "Better usability leads to more security." is correct
"Better usability leads to more security."
There are (at least) two ways to look at this phrase.
If the approach is to make security more usable, then I agree... and that's what I think is meant here.
However, since proper/good security is hard there is a strong tendency in profit-focused businesses to not put the effort/time/money into it, and to make security tradeoffs to "enhance usability".
You can have 2 of 3 here: secure, usable, cheap
https://technet.microsoft.com/en-us/library/cc512573.aspx
Probably a silly question: Why is Messages confined to iPhones? Isn’t this just SMS? I thought you could send and receive messages to and from Android phones with Messages as well.
You can. But then it falls back to SMS. iMessage can do so much more. Blue recipient: iMessage, green recipient: SMS. Also iMessage is free, SMS can cost substantial international fees.
Got it, thanks, Volker.
Read https://gultsch.de/trust.html and think about it...
Did that. Now what?