The convenience/security paradox
In our technological world there is a simple truth. Convenience and security are polar opposites. This is not an opinion and is not negotiable. Many people, designers, programers, and security specialists are working to change this, but it is almost a rule of nature and therefore is resistant to change. Let me show you what I mean by using an easy example; lets look at a room. A room that is purely convenient has no door slabs in the door holes to close, no door handles, no locks. Window holes are wide open, there is no glass and nothing plugging that hole. This room has nothing that bars or hinders your easy entry and exit. This room has no security what so ever and anyone can walk in and out at will. They can see everything that is inside the room as there are no shutters or curtains to obstruct their view. This is pure convenience.
A purely secure room is a room with no doors or windows because there are no holes in the walls at all. There is no way in, no way out, nothing can access anything inside it and nothing can leave it. At all. Ever. This is pure security.
Now with those examples in mind, we realize that neither of those rooms are usable at all. Instead, for a room to be useful, we have to make concessions on both sides of the coin. Maybe there are windows in the room. If so, they are filled with glass so we can see in and out, but they are locked to impede entry or exit and they probably have curtains over them to afford us some privacy. There is at least one door, but it probably has a solid slab in it, but on hinges, with a clasp and maybe a lock. It opens to afford entry and exit, but can be latched or locked to give some security. As you think of this example, you see that we are somewhat more secure, but somewhat inconvenient.
This is how we live every day of our life. We are so used to this that we don’t even realize it anymore. Our life, the world we live in and all our interactions at some baseline, exist on this sliding scale between pure convenience and pure security, but are wholly neither. At any time we can slide the scale one way or the other, but it is always at the cost of the opposite.
Electronics are exactly the same. If you look at any digital device, you can quickly assess how secure it is or how easy to use it is, but the more security features are in place the harder or more cumbersome that device becomes in practical use. The best example of this is a smartphone. Every manufacturer of smartphones has some type of lock screen, but it is up to the user to implement them. If you use an android phone, you have the option of a password, a code, or a pattern to unlock or you can turn off those and just swipe to unlock. Obviously, if you have all the locks turned off, anyone can use your phone just by picking it up. This is super convenient but not at all secure. A pattern is slightly more secure but there are a limited number of patterns that people tend to use, so no matter how clever you think your pattern is, it is very likely that someone else could guess it in just a few tries, also, by looking for smudges on the screen, your pattern is probably obvious. Most people can input their pattern in a second or two. Not to inconvenient, but not very secure at all. So to be more secure we up our game to a four digit passcode. We still can enter it in a few seconds, and it is marginally more secure, but again, the average human picks a date or a pattern of numbers (the four corners… etc.) so still really not that secure at all. To become more secure than that, we can jump it up to a full 8 digit alpha-numeric password, throw in a special character and a capital letter or two and now you can hit 128bit encryption levels of security. I will admit, that is a secure smartphone now. The downside, well, it takes you 30 seconds or more every time you want to open the phone and for heaven sake don’t forget that password…
Now granted, regarding what I mentioned above, there are people working all the time to change this, there are new emerging technologies that are closing the gap between security and convenience, like fingerprint technology and iris scanners, but for now, the divide between the two is still vast. When you factor in the idea that a government agency can force you to give up a finger print on command without a warrant, it becomes obvious, these new technologies have a long way to go before they make a significant different in bringing truly secure convenience to a smartphone. Concurrently, hackers and criminals are trying to defeat security constantly, they are working to either find ways around it or make it necessary to have such arduous security processes that most average people just opt out and go unsecured because of the massive inconvenience.
Until the two are brought together, what can you do to have both? Nothing really, and the most important thing you can do (the reason I am writing all this) is that you can be acutely aware of this polarity. Be wide awake and fully mindful of this issue every time you make a change to your device security settings in favor of one side or the other. Be fully mindful of the risk you are taking when you make your phone easier to open. Also, be mindful of your lack of security in every aspect of your digital life. Demanding security from the companies that you store your data with is mandatory, however actually expecting to get it is a pipe dream. While we all WANT to have our private data, our pictures and files, stay private, we should never assume that they will. The only way to be truly safe online is to never store anything online, that includes posting to social media, cloud photo storage and every other aspect of our digital life that includes an upload. Quite frankly, if you send something out of your device to the web in any format, be it a backup or an Instagram post, it is no longer yours. Sure you may own the rights to it, but a few clicks from a savvy hacker and all of it is immediately public knowledge. Never forget that. While the huge private photo leak (commonly referred to as the 'fappening') that happened a few years ago was a crime and was an invasion of those owners privacy, it could have been avoided had the owners never taken those photos in the first place or never uploaded them to the web. Please don’t get me wrong, I am not blaming the victim, I am simply stating the fact that it is much harder to be a victim if you never make moves that put you at risk in the first place. While we should demand from these companies that our private data stay private, we should expect that it won’t and plan and act accordingly.
Equally, if you do opt for stronger security processes on your devices, be prepared for the new inconvenience every time your device is put to use after you increase your security settings. Think it all the way through before you turn on or off that two-factor authentication. Remember that your security has a cost and so does your convenience. Be aware of those costs and be ready to pay up. I am not here today to tell you HOW to be more secure, there are lots of great article already to tell you that, and I am not here to tell you how to make that new iPhone so much easier to use, there are equally as many already to tell you that. I am just here to make sure that when you do make a choice, you are keeping the cost of that choice in mind so that it doesn’t surprise you or leave you unwilling or unable to pay it… There is nothing worse for security than a new security feature that is so hard to use that every one turns it off, and there is little worse for privacy than the illusion of it.