Humans and electricity have something in common. They’re both inherently lazy, at least in some ways, and security is one of them. People, just like electric currents, will always seek to take the path of least resistance. If there’s an easier way to do something, there’s no doubt that the vast majority of people will opt for that method.

It’s evident everywhere, and for the security-conscious it is probably the kind of thing that gets them hot under the collar.

The endless pursuit of a more convenient way

Consider the back door to your house. If you live in a pleasant neighborhood, it’s a whole lot easier to leave your door unlocked, making access to the house marginally less stressful the next time you arrive home with hands full of shopping. Of course, the flip side of this shortcut is that your house becomes more vulnerable to trespassing criminals.
The same is true with technology security. How many people do you know that don’t bother to have a lock on their smartphone? According to Google, more than half of Android users don’t.
There have been many tales of thoughtful but hapless fools that, in a bid to better organize and memorize their many login credentials, store them all in a single place. Once a hacker finds their way into that particular file, perhaps via one of the many logins within, every single account they own will be exposed to attack.
Another common pitfall is the ‘PIN code stuck to the credit card’, observed among many people that are otherwise intelligent and considered.
All this points not to incompetence or stupidity, but an underlying desire for convenience.

Enter TAPS to solve the gloves on, gloves off dilemma

It’s clearly with this mindset that TAPS was created. TAPS, a recently announced project on the fundraising site Kickstarter, is a Touch ID compatible and waterproof adhesive that you can apply to any pair of gloves. Just like the pair you already own, the gloves keep users warm, but with the added effect of stickers that you can attach to the fingertips.
The stickers feature a fingerprint-like material, meaning that wearers can still unlock and then use their touchscreen devices in the cold, without the need to remove the gloves.
Each sticker is allegedly unique, syncing the specific TAPS stickers you purchase with any device you own, and no one else’s.
The very obvious trouble here, of course, is that it provides yet another route into your possessions, as well as to your personal data. Just like with the document of passwords, one small physical theft or imprint could provide access to almost every account you own.
Wilder conjecture could even lead to scenarios in which people could be framed for murder or other crimes. Although that kind of thinking is speculative at best.

Convenience trumps security

TAPS demonstrates that even the pioneering field of biometric security systems cannot outweigh the power of people’s desire for convenience.
It all points to the same root, which is that for a great number of people, convenience will trump security. This lesson should not be lost on anyone responsible for security programs or developing software.
Voluntary adoption of 2-factor authentication remains remarkably low, especially when it is considered how much more secure this technique is, and how little user investment it requires. Estimates placed the adoption rate of 2FA on Google’s network at just 6.5% last year. It’s no surprise that many of the major tech companies are now making this feature mandatory.

What can you do?

CTOs, product managers and other people responsible for designing products should hunt for potential shortcuts that users might take, and create user experiences that make security a seamless and background consideration for users, without sacrificing on the strength of the overall security.
CISOs and other security leaders must also consider this desire for convenience when developing their enterprise security initiatives, and work on ways to reduce any inconvenience caused by each measure introduced.
Moreover, any technologies purchased should be non-invasive and require minimal user input, and any simple methods to circumvent protocol should be assessed and avoided. Creating workflows and policies that reduce the reliance on user choice will also help. For mobile, this might be applying content filtering to prevent undesirable behavior (restricting the ability to shortcut security processes), or limiting connections to convenient but risky Wi-Fi connections.
These might seem like obvious statements, but it’s always worth the reminder that enterprises are only as secure as their weakest point – and laziness might well provide that.