In one of my more paranoid moments last month I started using Google’s 2 step verification. Now anytime I want to connect an application or Web site with my Google account I not only have to enter my user name and password, but also a code that is sent to my iPhone. For those applications that don’t take the codes, Google generates application specific passwords. Having listened to Security Now for over 306 episodes, I have no doubt this method is more secure than just a user name and password. Well, it would be if I was willing to stick with it, but to be honest I probably will not. It would be all right if I was using it on sites that I thought needed extra security, like shopping, bank and other similar sites. However, do I really need two step verification for a site like Goodreads? At that point it just becomes annoying. I have a choice to make: I can be secure but constantly annoyed, or less secure but happier. I am sure you can guess which road I am headed down. I do not think I am unique either; I think I am pretty normal. Let’s face it, most of us want to be secure on-line, we just do not want to work too hard at it.
The problem with most security methods is that the better they are, the more difficult they are to use. I do not care how great your security system is; if it is not easy for people to use, it is useless. It needs to be as effortless as possible. The more effort it takes to use it, the less likely users are to stick with it. Unfortunately, the more human friendly security is, the more likely it is to be insecure. Security and ease of use tend to work against each other. Somehow we need to find the middle ground between security and ease of use, and as more of our information resides in the clouds this becomes more and more important.