Security and convenience (not “speed”) always pull in opposite directions. The thing is that experts always seem to advise using the highest level of security even for trivial accounts. This creates unnecessary friction, with the result that the average person drops the effective level of security even for important accounts in order to get rid of it. This is not a new problem, just a bad article on an old problem.
Yeah I read somewhere that it was considered unacceptable for people to have to wait for a couple of seconds for a password manager to open the vault after entering the password. Like, really? If those seconds mean the account is way more secure because math, isn’t it worth it? For the thing that holds all your passwords? People have become very sensitive to such things it seems.
It takes a few seconds to type a password in manually as well, but people seem to regard the time differently if they’re actively doing something than if they’re passively waiting for something to happen. Nontechnical users regard computers and other devices as black boxes that should respond instantly to stimuli, the way purely analog equipment does. If it doesn’t, many of them treat it as broken.
Yes that does make a difference. And a good UI should of course tell the user that it’s doing aubergine in the background. For a password manager, preferably a message indicating unlocking and a progress bar of some sort instead of just a frozen window.
Password managers typically allow you to use a session based login so you only put in the master password once until you close the browser, it set it to only prompt you every day, week, month, or never again on that device. So most of the time, those few seconds required to enter a password for a website are reduced to 0.
Security and convenience (not “speed”) always pull in opposite directions. The thing is that experts always seem to advise using the highest level of security even for trivial accounts. This creates unnecessary friction, with the result that the average person drops the effective level of security even for important accounts in order to get rid of it. This is not a new problem, just a bad article on an old problem.
(As for cryptocurrency, just don’t.)
Yeah I read somewhere that it was considered unacceptable for people to have to wait for a couple of seconds for a password manager to open the vault after entering the password. Like, really? If those seconds mean the account is way more secure because math, isn’t it worth it? For the thing that holds all your passwords? People have become very sensitive to such things it seems.
It takes a few seconds to type a password in manually as well, but people seem to regard the time differently if they’re actively doing something than if they’re passively waiting for something to happen. Nontechnical users regard computers and other devices as black boxes that should respond instantly to stimuli, the way purely analog equipment does. If it doesn’t, many of them treat it as broken.
Yes that does make a difference. And a good UI should of course tell the user that it’s doing aubergine in the background. For a password manager, preferably a message indicating unlocking and a progress bar of some sort instead of just a frozen window.
Password managers typically allow you to use a session based login so you only put in the master password once until you close the browser, it set it to only prompt you every day, week, month, or never again on that device. So most of the time, those few seconds required to enter a password for a website are reduced to 0.