get_col("DESC $table_name", 0) as $column ) { if ($debug) echo("checking $column == $column_name
"); if ($column == $column_name) { return true; } } //didn't find it try to create it. $q = $wpdb->query($create_ddl); // we cannot directly tell that whether this succeeded! foreach ($wpdb->get_col("DESC $table_name", 0) as $column ) { if ($column == $column_name) { return true; } } return false; } } function btc_altertable() { global $tablecomments; $sql = "ALTER TABLE $tablecomments ADD COLUMN comment_reply_ID INT NOT NULL DEFAULT 0;"; maybe_add_column($tablecomments, 'comment_reply_ID', $sql); } function btc_alter_comment($new_id) { global $tablecomments, $wpdb; $sql = "UPDATE $tablecomments SET comment_reply_ID=".$_POST['comment_reply_ID']." WHERE comment_ID = $new_id;"; $wpdb->query($sql); } function briansnestedcomments() { global $font_gets_smaller; if (!($withcomments) && ($single)) return; // You can safely delete the single line below if your threaded comments are up and running btc_altertable(); ?> Usable Security » Blog Archive » Look Beyond the “Fundamental Conflict”

Look Beyond the “Fundamental Conflict”

March 12, 2005 by Ping

What better way to initiate a usability blog than by picking a bone with a prominent figure like Jakob Nielsen?

In one of his Alertbox columns, Nielsen opens the discussion by outlining a “fundamental conflict” between usability and security.  He writes:

Usability advocates favor making it easy to use a system, ideally requiring no special access procedures at all, whereas security people favor making it hard to access a system, at least for unauthorized users.

That particular column is now more than four years old, but similar comparisons of the goals of usability and security have been made so often that the conflict has come to be accepted as traditional wisdom.  I’m going to argue that it’s time to set aside this assumption.

Nielsen’s juxtaposition needs some refinement.  Here’s the way I like to see it:

  • Usability is about making it easier to get desirable results.
  • Security is about making it harder to get undesirable results.

When you see it this way, they don’t have to be in conflict.  This perspective also reveals the reason that usability and security come into conflict: they conflict when you can’t tell the difference between desirable and undesirable results.

The reason Nielsen runs into a fundamental conflict is that he has chosen login authentication as the subject of his analysis.  In that particular subdomain, the conflict is real.  The purpose of passwords is to separate authorized users from unauthorized users.  There is no a priori knowledge of whether the person entering the password should be allowed to enter.

But there’s a lot more to security than passwords.  In fact, today’s biggest security problems—viruses, spam, phishing, spyware—have nothing to do with somebody guessing a poorly chosen password.  They have to do with errors in identification or errors in granting too much power to untrustworthy parties.

So, don’t be too quick to carry over the assumptions from authentication to other security problems.  Security requires carrying out the user’s intentions correctly, and in order to be usable, a system can’t be breaking down all the time.

Let’s avoid the characterization of “usability people” and “security people” as entrenched in opposing camps.  Much of the time, we’re all trying to achieve the same goal: to make sure the right things happen, effortlessly.  To achieve that, we need to listen to each other.

Check out:

Ka-Ping Yee has done some great work, that provide guidelines for aligning security and usability. He in considering capability systems in particular but the guidelines are general:

(Comments won't nest below this level.)

I just noticed that you link to Ka on your frontage… So you odiously already knew his work…

(Comments won't nest below this level.)

That’s me. I’m Ka-Ping and i wrote this blog entry. Thanks for the kind compliment!

I hope you stick around and chime in with your thoughts. There will be a lot to talk about, and we’re just getting started.

(Comments won't nest below this level.)

[...] usable security, which promises to be an interesting read. Their perspective from looking beyond the "fundamental conflict" more or less summarizes the whole issue: [...]

(Comments won't nest below this level.)
Jeremy Dunck wrote:

Small world, Julien. (Ping, Julien is involved in Greasemonkey. Julien, I just met Ping at SxSW).

Welcome to blogging, Ping. ;)

(Comments won't nest below this level.)

Well said. The job of the software architect, as I see it, is to harmonize the “ilities”. This means find force multipliers among what are treated as the various specialty concerns like security and usability. There is a lot of shared ground and values between security and usability, not the least of which is a shared goal of simplicity. The software architect should focus on the areas where the disciplines agree, and making a business case that shows the combined impact of improved risk management (security) and user experience (usability).

(Comments won't nest below this level.)

I agree that login/authentication systems (at least in their current mental-model based format) are a usability challenge. But what are the usability issues unique to other types of security applications (e.g. viruses, spam, etc). I’ve seen very little written about these. Any recommendations?

(Comments won't nest below this level.)