The Importance of Convenience to Security
Face-scan unlocking. Seems like magic. No more remembering passwords or having your thumb used to open your device when you’re unaware. This is the future, right? Well, yes, but just because there’s this new-fangled biometric security doesn’t mean you can stop being vigilant. Nevertheless, this new technology opens up debate on the usefulness of various authentication measures for devices. I’m going to focus on one particular factor: convenience.
Convenience is undoubtedly one of the most criminally underrated factors when it comes to users properly ensuring security controls on their devices. Just to highlight an example to illustrate this, the firm Krebson Security found out during some of their research that “less than 1% of the Dropbox user base is taking advantage of the company’s two-factor authentication feature”. Less than one percent! That’s a free feature that’ll massively increase the strength of your access controls yet 99% of users aren’t even bothering to take advantage of it. That's alarming. It's alarming not just because the number is so low, but because Dropbox holds such valuable information for so many people. Not only that, but their multi-step implementation is very low-friction - you generally only ever see it when setting up a new machine for the first time.
Why is this happening? Because multi-factor authentication is extra hassle. No one wants to take extra steps when doing tasks during their daily grind. Security needs to be built into the very fabric of what you do naturally every single day. This is why fingerprint security was seen as such a giant leap forward. A simple press of your finger/thumb to unlock your phone (which you were going to do anyway) is something that comes naturally and conveniently to the average person.
What we have to keep in mind here is just how low the security bar is still set for so many people. Probably not for you being someone interested in reading this sort of material in the first place, but for the billions of "normals" out there now using mobile devices. Touch ID and Face ID are so frictionless that they remove the usability barrier PINs post. There's a good reason Apple consistently shows biometric authentication in all their demos - because it's just such a slick experience. So, while biometric unlocking may have its own drawbacks compared to passcodes, they have huge benefits for the vast majority of the population. And that’s ultimately what we should be paying attention to.