Security needs usability

by Volker Weber


This is the top line of my iPhone apps. I consider all of them secure. I would only need iMessage (Messages) if all my contacts had iPhones. Around here everybody is on Whatsapp, which is fine as well. And then there are those that don't want to touch Facebook, and that brings me to Signal.

What's so great about these programs? End-to-end encryption by default, and there is nothing I need to do. It's always turned on. And there is no password. Messages comes with your iPhone, and setting up WhatsApp or Signal just requires your phone number.

Before we had Touch ID, nobody had passwords on their phones. I mean nobody but those on enterprise devices with their stupid password policies: eight characters, at least one capital letter, a number and a special character. Touch ID made the problem disappear. You just touched the fingerprint reader and entered the password every three days instead of a hundred times each day.

You are getting the drift, right? Better usability leads to more security. Let's revisit the password policy. How about this? Make it long. Take three words that are easy to remember and build one nonsense phrase from them. "horserainflipper" - that is 16 chars and easier to remember than "78Dumbo=" which fits most enterprise requirements.

Which leads us to email. No security here. Nobody encrypts anything, end-to-end. Yes, there is PGP and there is S/MIME, but guess what, you now have a new problem: key management. Nobody has time for that, and if they had, they would fail on OpSec. (Look it up.) How could we make email encryption work? Solve the key management problem on the operating system level, across all operating systems. Not going to happen.

There is a reason I don't have a PGP key. Want a secure channel to me? Use my phone number and one of the programs in the picture above.


Es gibt Ansätze E-Mail Encryption mit Hilfe von GPG genauso "einfach" benutzbar zu machen wie es in WhatsApp/Signal etc passiert, inkl. Web Key Directory, d.h. automatischen Lookups der public Keys und das sogar Anbieter übergreifend.

Die Keys leben im Browser. Sie müssen im Browser gesichert werden und bei Wechsel/Unachtsamkeit verliert man die vorhergehende Kommunikation - also wirklich genau so wie es im Messenger heute ist.

Wird es funktionieren? Ja, es wird. Wird es weh tun? Ja, natürlich. Wird es sich durchsetzen? Kommt ganz drauf an wer mit spielt.

Stefan Funke, 2017-12-02

Very interesting. I tend to agree.

Out of interest, have you considered Telegram? If so, is there any particular reason you don’t opt for it or wouldn’t recommend it?

Also, on the email security point (as this is something I am thinking about currently) do you host your own email or use a service such as Outlook or Gmail? Thank you.

Kambiz Larizadeh, 2017-12-02

Oops, sorry for switching languages. Follow the link to WKD (web key directory) and you will get the bigger picture.

Stefan Funke, 2017-12-02

I am using Threema. I like it a lot. Better than signal actually.
WhatsApp I don’t use. Not for any particular reason. I just dont want another messenger. And their terms are a little worrying. ;)

Johannes Matzke , 2017-12-02

Kambiz, I never considered Telegramm.

You can use any app you like, Johannes. If you want to talk to me, you will have to pick one of the three I am offering. ;-)

Stefan, nobody is going to hurt themselves. And with nobody I mean a tiny fraction of users. WKD is trying to fix the easy part. The hard part is managing the private key across a multitude of devices and user agents, completely transparent to the user.

Volker Weber, 2017-12-02

Stefan, and with user agents I mean it has to work in the default apps on Android, iOS, macOS and Windows. S/MIME is the only thing that has a tiny chance of hitting that target.

It‘s not going to happen if the user has to think about it at all.

Volker Weber, 2017-12-02

Heise just had a comment on this topic (in Germany) yesterday:

Köbe Thorsten, 2017-12-02

PGP has its uses. I use it to exchange materials with other companies where a Signal connection would not be appropriate. Not high in the usability charts for sure, but needs must.

Andy Mell, 2017-12-02

the other day I failed at installing an e-mail archive for a smaller company because some users used encryption in their mails. to fit legal requirements, i would have to store unencrypted mails but no software can do this. key management fail. only solution seems to be an inhouse mail gateway that encypts/decrypts mails, leaving internal communication unencrypted so that an archiving solution can grab everything. this is broken by design.

Samuel Orsenne, 2017-12-02

In companies gateway based mail encryption/decryption is the way to go. Central key management, no additional software/configuration needed at the client, policy based encryption with no user impact, and mails are unencrpted in the internal network, so they can be archived and scanned for malware.

Manfred Wiktorin, 2017-12-02

" Better usability leads to more security. "

This is profoundly incorrect.

Good security is *hard*, and making good security usable is even harder.
Apple does a really good job on security, but only because they put a LOT of time and effort into it.

Craig Wiseman, 2017-12-02

@Craig: „Better usability leads to more security." is correct

Werner Götz, 2017-12-02

" Better usability leads to more security. "

There are (at least) two ways to look at this phrase.

If the approach is to make security more usable, then I agree.... and that's what I think is meant here.

However, since proper/good security is hard there is a strong tendency in profit-focused businesses to not put the effort/time/money into it, and to make security tradeoffs to "enhance usability".

You can have 2 of 3 here: secure, usable, cheap

Craig Wiseman, 2017-12-03

Probably a silly question: Why is Messages confined to iPhones? Isn’t this just SMS? I thought you could send and receive messages to and from Android phones with Messages as well.

Jochen Kattoll , 2017-12-03

You can. But then it falls back to SMS. iMessage can do so much more. Blue recipient: iMessage, green recipient: SMS. Also iMessage is free, SMS can cost substantial international fees.

Volker Weber, 2017-12-03

Got it, thanks, Volker.

Jochen Kattoll, 2017-12-03

Read and think about it...

Norbert Tretkowski, 2017-12-04

Did that. Now what?

Volker Weber, 2017-12-04

Old archive pages

I explain difficult concepts in simple ways. For free, and for money. Clue procurement and bullshit detection.


Paypal vowe