The Psychology Behind User Resistance to Stronger Authentication(guptadeepak.com)
guptadeepak.com
The Psychology Behind User Resistance to Stronger Authentication
https://guptadeepak.com/the-psychology-of-security-why-users-resist-better-authentication/
3 コメント
There is a certain point where the infrastructure of access control eclipses the problem space of the thing to be done. No one wants to have to learn LDAP++applied cryptography to set up their jig to do their thing.
Now, access control may very well be the jig that makes accountancy and modern business tractable, but it is still nevertheless, a massive problem surface orthogonal to most tasks.
Now, access control may very well be the jig that makes accountancy and modern business tractable, but it is still nevertheless, a massive problem surface orthogonal to most tasks.
I believe
!usable -> !secure
Empirically, usability testing shows rejection rates rise sharply when authentication adds more than two new steps.
I’d love to hear from others—what design trade-offs have you found most effective in aligning user convenience with real security gains?