Your reply made me smile. You're quite right, but only up to a point. An emphasis on security that compromises usability can backfire and start to make things less secure.
For example, enforcing a 32 character passphrase with at least 1 non-alphanumeric character would be incredibly secure, but users will start writing down their password on post-its near their terminals, and suddenly all that 'security' evaporates because you've introduced an artificial weak link.
In a small way better usability enhances security by making the user less likely to get things wrong.
For example, enforcing a 32 character passphrase with at least 1 non-alphanumeric character would be incredibly secure, but users will start writing down their password on post-its near their terminals, and suddenly all that 'security' evaporates because you've introduced an artificial weak link.
In a small way better usability enhances security by making the user less likely to get things wrong.