Opt-In Security V.s Forced Security
If I was to offer you the choice between one of two devices. The first device is completely customisable, allowing you to change almost any factor related to it. The second device has been designed with security from the ground up and doesn’t allow for any customisation. Which one would you choose? This is a decision that we all face, the decision of Opt-In-Security V.s. Forced Security.
“As with many things the debate comes back down to Convenience V.s. Security” One of the most contentious of these discussions is between IOS and Android. The comparison being between Android, a fairly open operating system,and IOS, a strict and stringent os. The real question comes down to ‘Is this good or bad?’ As with many things the debate comes back down to Convenience V.s. Security, the debate of where you draw the line of something being easy and secure. Never IOS or Android are intrinsically easier to use due to their security measures, or lack of. However Android with their open policy does allow for users to use a wider range of apps.
“Apple in doing this saved many users from themselves and mitigated them from downloading harmful software.” The Pokemon Go phenomenon is a great example of this. Back in mid 2016, before it hit most app stores, the app’s APK file was accessible on third-party websites. Within days of people downloading the app researchers at Proofpoint found that hackers were uploading remote access tools masquerading as the Pokemon Go app. As IOS devices do not allow for downloading from unknown sources their users were free from this malware. Apple in doing this saved many users from themselves and mitigated them from downloading harmful software.
We get this on sign up forms as well, websites that specify what your password should look like. Whether it should have special characters, how long it should be and if it should contain capital letters. In practice these measures function as a double-edged sword due to increasing password discipline but also setting a clear pattern between passwords which lowers security.
Opt-In-Security v.s. Forced Security is a debate that will continue, however there is one point that we should all keep in mind. Just like all things a balance needs to be struck. Security needs to be taken into account, by all parties, however this will achieve nothing unless convenience is taken into the picture also.