Comments on: Computer security avoidance

By: Rus

Rus — Tue, 30 Jun 2009 17:47:19 +0000

I'm Confused. I thought IT Security was created solely for the purpose of limiting how productive software users could be. This seems to say just the opposite. :-)

By: Rich

Rich — Tue, 30 Jun 2009 13:29:49 +0000

An observation: Where I work doing IT, I've heard a similar opinion expressed by end users - that they don't say anything because no one would listen. It's funny because we really don't have the kind of clout that they think we do. Usually, when a situation arises that gets a user to finally speak up, it brings to our attention a problem we didn't even know existed - because no one told us. In our case, we're happy to try to reach usability compromises, because we know it prevents the type of situation you describe. Maybe your IT department is different - maybe they really do run your company, and don't care about inconveniencing users. Probably there are a few individuals in the department for whom that is true, but I doubt that is the overall culture.

By: Dave

Dave — Tue, 30 Jun 2009 12:53:05 +0000

Rich, I can't engage the IT people in a discussion because they're one level below God on the totem pole. The decisions they make affect many thousands of computer users, so there's pretty much no way they'll ever do anything I say. Wendy, I tried to passively aggress that music into silence, but the mad scientist's cubicle mate is always there. The Rules of Passive Aggression state that "No act of passive aggression may be witnessed by another human." Fail.

By: Wendy

Wendy — Mon, 29 Jun 2009 19:03:34 +0000

Can't you passive-aggressively walk over there and hit the mute button on his computer?

Are you scared because he's a mad scientist and could be video-ing his workstation at all times?

By: Rich

Rich — Mon, 29 Jun 2009 14:52:03 +0000

And this is exactly the type of stuff that drives IT security people nuts. Hackers are generally the least of our worries. It's highly educated, intelligent people purposely finding ways to neuter security systems to avoid minor inconveniences. Here's an idea: Instead of expending effort to figure out how to undo the work of security staff, why not actually engage them in a discussion about perceived security needs weighted against convenience. Is 10 minutes too short? How about 15? What if the grace period were longer? The grace period, if you're not familiar, is the amount of time you have after the screensaver (I believe this also works with the lock workstation feature) starts before it is actually password protected. Default is a few (5?) seconds. In that time, you can jiggle the mouse or hit a key, and it will come back without requiring re-authentication. Perhaps if this were set to something more like 30 seconds, or a minute, it would sufficiently alleviate the annoyance? IT people get a bad stereotype because they often don't offer these types of compromises for user convenience. A lot of IT people just don't think of that sort of thing - They're too busy actually building the back end system. Usually, a minor tweak like this will make a security system much more bearable, which improves adoption, and reduces silly hacks intended to bypass the system. /rant

By: Dave

Dave — Fri, 26 Jun 2009 19:43:37 +0000

I wonder that every day. He's kind of a mad-scientist type of person, so I doubt he even realizes his computer is making any noise.

By: Jenna

Jenna — Fri, 26 Jun 2009 19:41:12 +0000

why doesnt he just play the music, but put it on mute??