Security needs usability

by Volker Weber


This is the top line of my iPhone apps. I consider all of them secure. I would only need iMessage (Messages) if all my contacts had iPhones. Around here everybody is on Whatsapp, which is fine as well. And then there are those that don't want to touch Facebook, and that brings me to Signal.

What's so great about these programs? End-to-end encryption by default, and there is nothing I need to do. It's always turned on. And there is no password. Messages comes with your iPhone, and setting up WhatsApp or Signal just requires your phone number.

Before we had Touch ID, nobody had passwords on their phones. I mean nobody but those on enterprise devices with their stupid password policies: eight characters, at least one capital letter, a number and a special character. Touch ID made the problem disappear. You just touched the fingerprint reader and entered the password every three days instead of a hundred times each day.

You are getting the drift, right? Better usability leads to more security. Let's revisit the password policy. How about this? Make it long. Take three words that are easy to remember and build one nonsense phrase from them. "horserainflipper" - that is 16 chars and easier to remember than "78Dumbo=" which fits most enterprise requirements.

Which leads us to email. No security here. Nobody encrypts anything, end-to-end. Yes, there is PGP and there is S/MIME, but guess what, you now have a new problem: key management. Nobody has time for that, and if they had, they would fail on OpSec. (Look it up.) How could we make email encryption work? Solve the key management problem on the operating system level, across all operating systems. Not going to happen.

There is a reason I don't have a PGP key. Want a secure channel to me? Use my phone number and one of the programs in the picture above.


Es gibt Ansätze E-Mail Encryption mit Hilfe von GPG genauso "einfach" benutzbar zu machen wie es in WhatsApp/Signal etc passiert, inkl. Web Key Directory, d.h. automatischen Lookups der public Keys und das sogar Anbieter übergreifend.

Die Keys leben im Browser. Sie müssen im Browser gesichert werden und bei Wechsel/Unachtsamkeit verliert man die vorhergehende Kommunikation - also wirklich genau so wie es im Messenger heute ist.

Wird es funktionieren? Ja, es wird. Wird es weh tun? Ja, natürlich. Wird es sich durchsetzen? Kommt ganz drauf an wer mit spielt.

Stefan Funke, 2017-12-02 00:26

Very interesting. I tend to agree.

Out of interest, have you considered Telegram? If so, is there any particular reason you don’t opt for it or wouldn’t recommend it?

Also, on the email security point (as this is something I am thinking about currently) do you host your own email or use a service such as Outlook or Gmail? Thank you.

Kambiz Larizadeh, 2017-12-02 00:28

Oops, sorry for switching languages. Follow the link to WKD (web key directory) and you will get the bigger picture.

Stefan Funke, 2017-12-02 00:31

I am using Threema. I like it a lot. Better than signal actually.
WhatsApp I don’t use. Not for any particular reason. I just dont want another messenger. And their terms are a little worrying. ;)

Johannes Matzke , 2017-12-02 08:28

Kambiz, I never considered Telegramm.

You can use any app you like, Johannes. If you want to talk to me, you will have to pick one of the three I am offering. ;-)

Stefan, nobody is going to hurt themselves. And with nobody I mean a tiny fraction of users. WKD is trying to fix the easy part. The hard part is managing the private key across a multitude of devices and user agents, completely transparent to the user.

Volker Weber, 2017-12-02 08:52

Stefan, and with user agents I mean it has to work in the default apps on Android, iOS, macOS and Windows. S/MIME is the only thing that has a tiny chance of hitting that target.

It‘s not going to happen if the user has to think about it at all.

Volker Weber, 2017-12-02 09:00

Heise just had a comment on this topic (in Germany) yesterday:

Köbe Thorsten, 2017-12-02 10:25

PGP has its uses. I use it to exchange materials with other companies where a Signal connection would not be appropriate. Not high in the usability charts for sure, but needs must.

Andy Mell, 2017-12-02 12:51

the other day I failed at installing an e-mail archive for a smaller company because some users used encryption in their mails. to fit legal requirements, i would have to store unencrypted mails but no software can do this. key management fail. only solution seems to be an inhouse mail gateway that encypts/decrypts mails, leaving internal communication unencrypted so that an archiving solution can grab everything. this is broken by design.

Samuel Orsenne, 2017-12-02 14:26

In companies gateway based mail encryption/decryption is the way to go. Central key management, no additional software/configuration needed at the client, policy based encryption with no user impact, and mails are unencrpted in the internal network, so they can be archived and scanned for malware.

Manfred Wiktorin, 2017-12-02 14:49

" Better usability leads to more security. "

This is profoundly incorrect.

Good security is *hard*, and making good security usable is even harder.
Apple does a really good job on security, but only because they put a LOT of time and effort into it.

Craig Wiseman, 2017-12-02 18:01

@Craig: „Better usability leads to more security." is correct

Werner Götz, 2017-12-02 19:28

" Better usability leads to more security. "

There are (at least) two ways to look at this phrase.

If the approach is to make security more usable, then I agree.... and that's what I think is meant here.

However, since proper/good security is hard there is a strong tendency in profit-focused businesses to not put the effort/time/money into it, and to make security tradeoffs to "enhance usability".

You can have 2 of 3 here: secure, usable, cheap

Craig Wiseman, 2017-12-03 16:15

Probably a silly question: Why is Messages confined to iPhones? Isn’t this just SMS? I thought you could send and receive messages to and from Android phones with Messages as well.

Jochen Kattoll , 2017-12-03 17:00

You can. But then it falls back to SMS. iMessage can do so much more. Blue recipient: iMessage, green recipient: SMS. Also iMessage is free, SMS can cost substantial international fees.

Volker Weber, 2017-12-03 17:23

Got it, thanks, Volker.

Jochen Kattoll, 2017-12-03 17:36

Read and think about it...

Norbert Tretkowski, 2017-12-04 18:47

Did that. Now what?

Volker Weber, 2017-12-04 20:02

Recent comments

Axel Koerv on #dnug45 im darmstadtium at 19:52
Volker Weber on Elgato Eve Flare :: Erste Eindrücke at 19:18
Thomas Cloer on Elgato Eve Flare :: Erste Eindrücke at 17:34
Jochen Kattoll on Sonos, AirPods, Plantronics. Und Podcasts. at 12:40
Stephan Perthes on Elgato Eve Flare :: Erste Eindrücke at 10:49
Oswald Prucker on #dnug45 im darmstadtium at 10:17
Volker Weber on #dnug45 im darmstadtium at 09:44
Ingo Spichal on #dnug45 im darmstadtium at 09:14
Hendrik Brunn on Elgato Eve Flare :: Erste Eindrücke at 23:23
Lewis Turek on Elgato Eve Flare :: Erste Eindrücke at 22:09
Volker Weber on Elgato Eve Flare :: Erste Eindrücke at 21:17
Lewis Turek on Elgato Eve Flare :: Erste Eindrücke at 20:27
Stephan H. Wissel on Sonos, AirPods, Plantronics. Und Podcasts. at 19:33
Dominique Roller on HomePod kaufen? at 13:27
Markus Dierker on HomePod kaufen? at 13:20
Martin Kautz on Computer Kid at 12:09
Volker Weber on Neues Ziel: 100k #dontbreakthechain at 11:31
Karl Heindel on Neues Ziel: 100k #dontbreakthechain at 10:48
Michael Schneider on Neues Ziel: 100k #dontbreakthechain at 10:27
Axel Koerv on Neues Ziel: 100k #dontbreakthechain at 09:27
Bernd Hofmann on Neues Ziel: 100k #dontbreakthechain at 07:42
Volker Weber on Three essentials at 20:58
Stephan Perthes on Three essentials at 15:25
Volker Weber on Die neue Cebit at 13:07
Volker Weber on Sonos, AirPods, Plantronics. Und Podcasts. at 12:56

Ceci n'est pas un blog

I explain difficult concepts in simple ways. For free, and for money. Clue procurement and bullshit detection.


Stuff that works
Amazon Wish List
Frequently Asked Questions

rss feed  twitter amazon

Local time is 03:19


buy me coffee