[svlug] Security & PGP: "Why Johnny Can't encrypt"

Jesse Monroy jesse650 at gmail.com
Sat Jan 31 10:58:16 PST 2015


For those unfamiliar with this paper I am posting the reference.

From the abstract:
"""
We conclude that PGP 5.0 is not usable enough to provide effective
security for most computer users, despite its attractive graphical
user interface, supporting our hypothesis that user interface design
for effective security remains an open problem.  We close with a brief
description of our continuing work on the development and application
of user interface design principles and techniques for security.
"""

From the Introduction:
"""
Security mechanisms are only effective when used correctly.
(...)
at least one researcher [2] has claimed that configuration errors are
the probable cause of more than 90% of all computer security failures.
"""
With the quotation marks, Google: "Why Johnny Can't encrypt"

There are several PDFs available in the wild.

Here is an HTML version:
https://www.usenix.org/legacy/events/sec99/full_papers/whitten/whitten_html/index.html

As a gentle reminder, when I was at HP - working in shipping/receiving
- it was considered good practice to keep the password under the
keyboard - if not taped to the bottom of the keyboard. This was
because THE password for updating the inventory system was given on a
per department basis (we were using HP MM3000). The bigger issue of
inventory discrepancies was still handled with pencil and paper --
With YES, giant reams of printouts.

Jesse


