This is a good sign, as a poll shows people want security over convenience, especially younger people. Surprisingly this is also true for older people, who likely don’t trust much of our new technology. This is the first time that a majority of poll respondents haven’t been happy to have some easy password acceptable or the convenience of linked accounts. More and more people are embracing biometrics and using password managers with separate passwords for services, especially those that involve sensitive data. That’s a change for the better, since security is important if we are to continue to grow and enhance the use of digital services in our world.
I think many of the issues with security are because of people near my age, the generation that has grown up as technology has. We’ve embraced and extended the very rudimentary systems that existed before Internet use and mobile devices became widespread. We also learned to build services in a way that gets them up and running without considering security from the beginning. Many of us grew up with computers that were either on or off, without any security implemented. We learned to network with completely open shares, and didn’t bother with access control. This is the same way many developers learned to build SQL Server applications using the sa account, not wanting to spend time learning the (basic) intricacies of SQL Server security.
As we deal with an ever growing number of data breaches (over a thousand last year), it seems that many of the people working in technology, likely from my generation, still have not learned to build security early into an application. We add security later, after we’ve gotten a prototype or minimally viable product released. In many cases, we might never build security until we suffer some sort of incident. That’s the wrong time to start looking at limiting access.
With the GDPR being enforced this spring, there will be plenty of pressure on companies to avoid being in the headlines for a data security issue. I’m hoping that customers will continue to put pressure on organizations to adopt better security measures. Between customers and new legislation in various countries, I’d hope that more managers would understand that security is important and make it a priority for their staff. Most technical people want better security, even at the expense of a little inconvenience. These changing times might just allow us to get our wish.