When More Secure Is Less
More policy might lead to more lapses
A new security policy on my phone means I have to change my lock screen settings. Now I'm inclined to turn on the delay that leaves the screen unlocked longer, so I don't need to constantly unlock it with a code. This makes my device less secure: if it is swiped at the wrong time, someone will get access to my messages more easily.
It's the same with password rules requiring numbers, letters, lower and upper case, and special characters. As a result, people end up either reusing their passwords or putting sticky notes on their screens to remember them.
Or, because changing their router's settings means digging underneath a dusty pile of cables to look up the default router IP address and admin user ID / password on a tiny placard, they leave the settings as is. The result is that someone who expends enough energy could likely access their network and compromise their devices.
If the lock is too hard to use, people will leave the door open. Sometimes, it’s better to employ multiple lower tech options in succession than one super high tech option.
For my phone, why wouldn't smart unlock (Bluetooth connectivity to a particular device) combined with face unlock work better than an iris scan alone or a passcode alone? Or why not accept a partial thumbprint unless the phone detects something suspicious, and only then require a full thumbprint (reducing the very annoying false rejections on my phone)?
Don’t make security annoying to the good guys.