Monday, August 21, 2006

Silly Thoughts About Kaminsky's Hash Mapping

Recently at Black Hat and Defcon, Dan Kaminsky presented an interesting usability challenge: how can you help users remember a long string of hex digits, such as the fingerprint of an SSH key? His solution was to replace the string of hex digits with a series of first- and last-name pairs, the idea being that human memory handles names far better than unstructured strings of hex. First off, let me say that I like the idea. It has an accessibility to it that I think would actually get people to look at their keys rather than just type "yes" and hit Enter. However, there is a subtle flaw in the scheme: the names have to be carefully selected so that there are no similar-but-different overlaps, or it becomes easy to fool.



A prime example of this is that silly internet meme claiming you can still read a passage even when the letters inside each word are out of order. Additionally, internet users tend to skim when reading, so the more names there are, the higher the risk that a user accidentally accepts Smyth in place of Smith.



All in all, I think Dan's scheme is really a good idea; however, the names need to be chosen carefully so that there are few overlaps (e.g. Smith vs. Smyth). The system should also keep the number of pairs as low as it can, since a long list encourages a busy user to just accept the new key, bearing in mind that every pair dropped is a few bits of the hash that are no longer shown. Both of these concerns are easily addressed, if they aren't already, hence the title of this post: silly thoughts.
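As an added example (not Kaminsky's code, and not from the original post), the following Python sketches both halves of the argument: a toy mapping from a key's SHA-256 digest onto name pairs, and a screen that rejects name lists containing look-alikes. The name lists, the digest-to-index slicing, the confusability thresholds and the sample key bytes are all constructed for illustration and are assumptions, not a description of the real scheme.

```python
import hashlib
import itertools

# Constructed sample name lists for illustration; Kaminsky's real lists are not
# reproduced here. Each list has a power-of-two length so every pair consumes a
# fixed number of digest bits (here 3 + 3 = 6 bits per pair).
FIRST_NAMES = ["Alice", "Brian", "Carol", "David", "Elena", "Frank", "Grace", "Henry"]
LAST_NAMES = ["Smith", "Jones", "Brown", "Patel", "Chen", "Lopez", "Okafor", "Novak"]


def levenshtein(a, b):
    """Edit distance between two strings (insert/delete/substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def jumble_key(name):
    """Skim-reading skeleton: first letter, sorted interior letters, last letter.
    Two names with the same key look alike to a reader who only registers the
    outer letters (the 'scrambled letters' meme)."""
    n = name.lower()
    if len(n) < 3:
        return n
    return n[0] + "".join(sorted(n[1:-1])) + n[-1]


def confusable_pairs(names, min_distance=2):
    """Return the pairs of names a skimming user could mistake for each other:
    either within edit distance < min_distance (Smith/Smyth) or sharing the
    same jumble key (Brian/Brain)."""
    bad = []
    for x, y in itertools.combinations(names, 2):
        if levenshtein(x.lower(), y.lower()) < min_distance or jumble_key(x) == jumble_key(y):
            bad.append((x, y))
    return bad


def bits_per_pair(first_names, last_names):
    """How many digest bits one (first, last) pair actually displays."""
    return (len(first_names).bit_length() - 1) + (len(last_names).bit_length() - 1)


def fingerprint_to_names(key_bytes, first_names=FIRST_NAMES, last_names=LAST_NAMES, pairs=4):
    """Map SHA-256(key) onto `pairs` (first, last) name pairs by slicing the
    digest into fixed-width indices. Only pairs * bits_per_pair bits of the
    digest are represented; the rest is silently dropped, which is the cost
    of keeping the number of pairs down."""
    for names in (first_names, last_names):
        if len(names) & (len(names) - 1):
            raise ValueError("name lists must have power-of-two length")
    fbits = len(first_names).bit_length() - 1
    lbits = len(last_names).bit_length() - 1
    digest = hashlib.sha256(key_bytes).digest()
    if pairs * (fbits + lbits) > len(digest) * 8:
        raise ValueError("not enough digest bits for that many pairs")
    value = int.from_bytes(digest, "big")
    out = []
    for _ in range(pairs):
        f = value & ((1 << fbits) - 1)
        value >>= fbits
        s = value & ((1 << lbits) - 1)
        value >>= lbits
        out.append((first_names[f], last_names[s]))
    return out


if __name__ == "__main__":
    # Screen the lists first: a list with look-alikes should never be deployed.
    for lst in (FIRST_NAMES, LAST_NAMES):
        assert not confusable_pairs(lst), confusable_pairs(lst)
    print(confusable_pairs(["Smith", "Smyth", "Brian", "Brain"]))
    key = b"constructed sample public key, not a real one"
    print(fingerprint_to_names(key))
    print(bits_per_pair(FIRST_NAMES, LAST_NAMES) * 4, "bits of the 256-bit digest shown")
```

The screen is the part worth keeping: run it over the candidate name lists before shipping and drop any name that collides. The mapping also makes the second concern concrete. With eight-entry lists each pair carries only six bits, so four pairs display 24 bits of the 256-bit digest, and an attacker who can generate keys at will could brute-force a key whose names match the victim's. Fewer pairs only stays safe when the lists are large (roughly 1024 names per list gives 20 bits per pair), and the larger the list, the more the look-alike screen matters.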
