Why Is Computer Security Advice So Confusing? (scitechdaily.com)

submitted 9 months ago by hardware26@discuss.tchncs.de to c/technology@lemmy.world

16 comments fedilink hide all child comments

The key takeaway here is that the people writing these guidelines try to give as much information as possible,” Reaves says. “That’s great, in theory. But the writers don’t prioritize the advice that’s most important. Or, more specifically, they don’t deprioritize the points that are significantly less important. And because there is so much security advice to include, the guidelines can be overwhelming – and the most important points get lost in the shuffle.

In other words, the guideline writers are compiling security information, rather than curating security information for their readers.

Drawing on what they learned from the interviews, the researchers developed two recommendations for improving future security guidelines.

First, guideline writers need a clear set of best practices on how to curate information so that security guidelines tell users both what they need to know and how to prioritize that information.

Second, writers – and the computer security community as a whole – need key messages that will make sense to audiences with varying levels of technical competence.

“Look, computer security is complicated,” Reaves says. “But medicine is even more complicated. Yet during the pandemic, public health experts were able to give the public fairly simple, concise guidelines on how to reduce our risk of contracting COVID. We need to be able to do the same thing for computer security.”

you are viewing a single comment's thread
view the rest of the comments

[-] kill_dash_nine@lemm.ee 4 points 9 months ago

It’s pretty amazing how many people still remember and reuse passwords for everything. I think it is still as simple as people haven’t heard of password managers or they’re just too overwhelmed with adding all of their passwords to a password manager and then changing them to something unique.

[-] GenderNeutralBro@lemmy.sdf.org 6 points 9 months ago

If you work at a company that provides a password manager, then it's an easy choice for your work-related passwords. For personal stuff, though? There's nothing out there I feel comfortable recommending that isn't a pain in the ass.

Cloud services are mostly bullshit. LastPass got hacked hard earlier this year. OnePassword is no better. BitWarden is maybe better but self-hosting is obviously too high a bar and if you use their cloud service then you're still giving all your passwords to a third party.

And then if you actually want it to be convenient you need browser plugins. Nah.

Offline solutions like Keepass are great but then you need to find a way to manually sync them across devices. Pick your poison.

[-] snooggums@kbin.social 5 points 9 months ago

Password managers sound like putting all your eggs in one basket.

[-] surewhynotlem@lemmy.world 16 points 9 months ago

This is why security is complicated: It's all about trading risks. Are password managers secure? Yes, unless someone gets your database and can decrypt it. Is writing the password down secure? Yes, unless someone gets physical access to your system. Is memorizing your password secure? Yes, unless someone does some lead pipe decryption on your kneecaps.

For most people, a password manager is better than paper and memorizing.

this post was submitted on 18 Sep 2023

87 points (89.9% liked)

Technology

55647 readers

2552 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago

MODERATORS