Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×
User Journal

Journal drig's Journal: User Friendly vs Security

Today my company was introduced to the new online portal for our medical benefits. I was shocked to find some of the most shoddy security I've seen. When I questioned the presenter about it, his response was "we wanted to make the system user friendly".

Okay, I understand that sometimes security measures can make a site more difficult to use. Password restrictions, automatic logouts, extra confirmations, etc. all make the site flow less easily. But, I have to question if that is the end-all of friendliness.

I, personally, wouldn't consider a system that spews my medical and payroll information to any hacker who cares to try friendly. How friendly is it to find out that I have no health insurance because someone turned it off without my permission? How friendly is it if I start getting calls from pushy brokers and TrendWest because they found out I make more than I spend?

I'd say this guy misunderstood both words in "user friendly". I think he meant "easy for us to develop" or maybe "appears easy to use" rather than "does what the user wants". He mistakes a couple of marketing people as representing his users. He mistakes friendly for easy. He doesn't recognize the bigger issues.

So, I wrote them. I got back a response that says things like "that's not an issue" and "we've determined this isn't a security problem".
This discussion has been archived. No new comments can be posted.

User Friendly vs Security

Comments Filter:

CChheecckk yyoouurr dduupplleexx sswwiittcchh..