According to Hall, some tools, such as iMessage, “are quite usable, while others, like PGP (Pretty Good Privacy – an encryption tool), are very, very difficult to use.”
Drew Mitnick, policy counsel for Access Now, said, “private messenger apps that provide end-to-end encryption are everywhere.” He said the growing market for those and other apps that protect user privacy and security, “shows that people do care.”
Drew Mitnick, policy counsel, Access Now
McDowell said the FIDO Alliance, a nonprofit established in 2013, has created, “open industry specifications for a new generation of online authentication capabilities designed specifically to offer users better UX while quietly and unobtrusively improving their security.”
The organization allows users to replace passwords and one-time passcodes with, “public-key key cryptography and/or on-device biometrics like fingerprint or iris sensors,” providing what he called, “a low-friction UX and strong security.”
Jakobsson agreed that effective user security tools, “must be very easy to use – you plug them in or sign up, and then you can forget about them and rely on the tools’ functions. That’s the key to a good tool: make it easy.”
But he warns that even the best tools can’t stop a user from falling for social engineering, which he said is now, “very slick. It is not about Libyan princesses any more.
“Today, it is well applied in reasonable-sounding requests that can come in conjunction with something that is expected, or in response to something that the target has expressed interest in, like your boss asking you to review a PowerPoint presentation and send some files to add clarity,” he said.
Still, the reality is that it comes down to users’ perception of the threat, and whether that trumps convenience. As Mitnick noted, “tools like Tor and VPNs can be the difference between life and death for certain users. For others, they are an added layer of protection to bring peace of mind that the actions that we take online are private.”
Hall sees room for limited optimism.” We are getting better at this through human-centered design that focuses on usable security mechanisms,” he said, but added, “I'm not sure it's getting better fast enough, though.”
Sign up for CIO Asia eNewsletters.