Companies should make it harder to be lazy about security. If Mark Zuckerberg uses the same password across multiple services, it’s really not fair to blame users for unsafe security practices because we know that most people won’t be safe if a company leaves it up to them. We know that passwords are not enough to keep important services safe anymore. Of course, this may not help if it turns out the customer has a hacked password on their email account. If a new piece of hardware is used to access the service, the user has to verify their identity by entering a code sent to their email on that first use.
TeamViewer’s new “Trusted Device” feature works like a lighter form of two-factor authentication. At the very least, services like TeamViewer should enable two-factor authentication by default, requiring users to turn it off rather than tucking the option to turn it on somewhere in settings that few users ever look at. It’s not enough to make increased security features available. There are so many breaches today that security design has become as important as security systems. Two-factor authentication is a widespread security solution where, after a user enters a password, they have to enter a second code that changes all the time (often it’s delivered via a text message).
It’s time for companies to start thinking about their users’ overall experience differently.
In those days, asking users to take security seriously created undue friction and services weren’t so interconnected.
0 kommentar(er)
