Bright Stove

Reflecting information risk journey

Buckle up before you drive

Walking past a row of cars parked along the street next to my apartment this morning, I noticed that a number of them had their safety belts already buckled. They reminded me of a habit common amongst many drivers and passengers in China: driving without the safety belt on. In newer cars, where an alarm goes off to warn of an unbuckled seat belt once the engine has started and the door is closed, the driver and passenger would normally buckle the belt and then sit on top of it, hence the buckled belts in the parked cars. In Chinese, this is simply “上有政策,下有对策”, a common phrase stating that when the top sets a policy, the bottom will have countermeasures in response. So when the car manufacturer installed new technology to enforce a safety measure, users countered it by changing the way it is used, buckling the belt to the seat permanently so that the alarm no longer goes off. They have chosen to trade off their safety for the comfort of riding without the seat belt. Maybe the always congested traffic in cities like Shanghai and Beijing simply makes the safety belt seem less meaningful when they can’t even accelerate beyond 60 km per hour on most roads. To many, the irritation or inconvenience is simply uncalled for, as the “it won’t happen to me” syndrome prevails.

The same thinking runs through the heads of many Internet users as well. If we look around, a common form of user resistance to information security measures concerns remembering passwords. Users often look for a password that is easy to remember (not necessarily difficult to guess) and that the application will accept, and then use the same password across as many applications as possible, so that they have less to remember and can get online to use the Web as quickly as possible.

Ironically, unlike car manufacturers improving their safety defaults, many web sites are designed to help users forget their passwords, with the so-called “Remember my ID/password” feature presented as a preselected, ticked checkbox at the user’s first logon. A car driver or passenger may be conscious of an accident coming and, if alert enough, may still be able to avoid it or reduce the corresponding impact. In fact, most drivers and passengers, even in China, put on the seat belt (over their body, not behind) when they get onto the expressway, where the traffic is flowing freely. In short, they still have a choice of when to use it, and of how to respond to a changing situation, even though they do not always make the right ones.

The “Remember my password” feature, however, makes the user feel safe about the action and, in many cases, would not even let the user notice an attack on the password store occurring right in front of her. What it often instills is the notion that having to remember her passwords is an inconvenience. The question is, why implement a password feature if the web site provider doesn’t believe in it and introduces other measures to help users circumvent its use?

Coincidentally, before writing this, I had just watched Apple’s new product announcement, which recapped some of the new features in the upcoming iOS 5. Amongst them, Twitter integration with iOS 5 was called out, and the presenter said, as is also stated on Apple’s web site, “Sign in once in Settings, and suddenly you can tweet directly from Safari, Photos, Camera, YouTube, or Maps. Want to mention or @reply to a friend, … you can start typing and iOS 5 does the rest”. So it now has your buckle on by default before you tweet. Is it in front of or behind your body?

Written by mengchow

October 5, 2011 at 4:16 pm