Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Schneier: Focus on training obscures the failures of security design

Louis Suárez-Potts luispo at
Wed Mar 27 20:08:47 PDT 2013

Doesn't this paragraph—below—sort of make intense discussion moot? I mean, if passwords are so last century, and if training is focused on getting workers to use already obsolete techniques that do nothing to secure against real threats, then…. where's the discussion? If the premise is correct, then the conclusion follows as Schneier states. I'd use a different analogy, of course. Just as duck and cover would probably have been as effective as putting a duck under cover (with orange sauce, I hope), so too…

In fact, like duck and cover, training is a spend that defrauds, and what does matter is intrinsically good design. And that's as true for security as usability as accessibility as interoperability. What's more, good design, the sort that defends privacy (and what else is a security breach but an intrusion, or invasion of privacy?), also promotes democrac


On 13-03-27, at 19:45 , Carol Waters <wish117 at> wrote:

> On the other hand, password advice from 10 years ago isn’t relevant today (PDF). Can I bank from my browser? Are PDFs safe? Are untrusted networks OK? Is JavaScript good or bad? Are my photos more secure in the cloud or on my own hard drive? The “interface” we use to interact with computers and the Internet changes all the time, along with best practices for computer security. This makes training a lot harder.

More information about the liberationtech mailing list