US GOVERNMENT SECURITY VERSUS CONVENIENCESecurity vs. convenience: Can we have both?June 2, 2005
Security vs. convenience: Can we have both?

by Al Kaniss

Security versus convenience: They always seem to be at odds. For example, we all want good security at airports, but we also don't want to miss our flights due to long security lines. In fact, with airline travel this summer expected to exceed pre-September 11, 2001 levels, long security lines are a growing concern.

Physical security is not the only challenge we face. Hardly a week goes by without a news report about some sensitive computer information being compromised. Identity theft is one of the fastest growing crimes in our nation. I think everyone would agree, we need to be diligent about the security of our computers and the data they store. Just as we have tools to protect against unauthorized access to our houses and cars, we need tools to protect our computers from unauthorized access.

An age-old computer security tool is the password. Over the years, requirements for computer passwords have gotten increasingly stricter (minimum length, and the mandatory use of both upper and lower case letters, numbers, and special characters). Other tools we use to protect our computers are firewalls, spy ware checkers and virus checkers. All these tools help protect our computers and their data, but the time and effort needed to procure, install, learn to use them and troubleshoot them is significant and sometimes even burdensome.

While I wholeheartedly agree with the need for computer security, I'm concerned its inconvenience is affecting our productivity. For one thing, the tools should be easy to install and use. Just like we shouldn't have to be locksmiths to operate the lock and key on our house or car, we shouldn't need to be computer analysts to install and use security software. All the hours that are spent trying to read and follow many pages of instructions, struggling with the computer and calling the help desk detract from the time available to do our work.

Another area I'm concerned about is the small number of consecutive incorrect password attempts allowed before your account is disabled. (In such cases, the computer assumes it's being hacked.) Many people are not good typists and therefore routinely make errors. The fact that we can't actually see the characters as we're typing (they all show up as asterisks) degrades mediocre typists to poor typists. Having the caps lock key on, or having recently changed your password also contributes to mistakes. If your e-mail password is turned off, you must call the NMCI help desk to ask for a reset (make sure you know your Personal Identification Number). A few mistyped attempts at your password can also turn off your Common Access Card, which then requires a trip to the Pass and ID office for a reset. This is very difficult if you're working at home or on travel.

Simplified access to secure web sites, and use of encryption and digital signatures would also make computer security more convenient. We seem to have a large variety of cryptic e-mail icons which indicate that digital signature and/or encryption are being used. Some of these e-mails are difficult to read and reply to. Secure Web sites differ in what they require the user to do (acknowledge the presence of the PKI certificate, select a particular certificate, enter the PKI password or insert the CAC card). I realize we are still in transition, but people can get easily confused and sometimes are unable to do the work they need to do.

I hope someday, computer security will be as easy to use as inserting a key into your car door or house door, or pressing a button to open your garage door. Yes, we need to keep our computers and data secure but at the same time we need to get our jobs done. Let's make computer security less cumbersome, confusing and frustrating so it allows us to effectively and efficiently use our computers as a tool do our jobs.