Fit for Human Consumption

More crackerjack usability and security-related reporting from BBC Tech.  An informal, but decent sample-size survey (n=200) found that people would easily divulge typical "secure" information (e.g. mother's maiden name) when asked in the context of an interview or survey.  This type of information is typically used as back-up or verification data for resetting passwords.

Not surprisingly, approximately 1/3 of wireless networks do not utilize basic, integrated security features.   

My thoughts: Setting up security on wireless networks is actually relatively easy to do, assuming the administrator is aware and/or cares too.  The bigger issue is having to deal with the distribution and management of passwords to users, and the inevitable user support load that comes with any password-based system.  It's likely that in many cases the cost of implementing and maintaing such security outweighs the potential risks of having a less secure network.

I have submitted a presentation to the Symposium On Usable Privacy and Security.  It's a case study on the usability of password synchronization and authentication questions.  Will include a link to the presentation once it's available via the conference proceedings:

http://cups.cs.cmu.edu/soups/index.html