Security – can it be fun?
Perry Carpenter wrote a great blog post on the challenges of people and security. As every IT professional has experienced at one point in time, people are usually the weakest link in all technology issues. And, it is safe to say it will always be that way.
So why don’t we, as IT professionals, do something radical: ACCEPT IT.
- Accept people are going to forget their passwords.
- Accept people are going to install computer programs that cause problems.
- Accept people are going to open emails that are clearly suspect.
- Accept that it is OK.
Perry goes on to ask one simple and important question: do the IT pros need “human training”? My answer is yes! I mean, come on, do we really think a password with 8 or more characters, a speacial character, at least one capital letter, one number, and preferably not a word or too close to your user name is reasonable for a majority of people to remember? No.
Let’s stop worrying about how fast it runs, and start asking a more important question: can people use it? Here is one of the secrets: people have no problem doing what they enjoy. I remember reading about password programs in which a person selects images out of a collection according to a pattern they have chosen. That is simple and easy enough for a person, can possibly be fun based on the images presented, and hard for a computer algorithm to crack!
Usability over functionality is what I hope drives software and security moving forward.










Yes, I completely agree, but these same people yell at us when we can’t magically fix their problems. If they don’t cause trouble, I find the majority of IT people are very easy to deal with. Also, you misspelled “a speacial character”; it should be special.