Users Don’t Care About Security

By Tsahi Levent-Levi

May 28, 2012  

Here’s a secret: people don’t care about security.

They really don’t.

Telecompetitor quoted an interesting Junpier report, noting that people lack trust in services, devices and apps while at the same time use them.

I’d say that people don’t even deal or think about trust most of their time. Sure – put a question in front of a user about trust and security and you’ll get the answer that they care about trust. Who wouldn’t confronted with this question?

But at the end of the day – we don’t care.

We use a large and growing number of apps on our phones. Most of us relinquish the privileges requested by these apps without even checking what they are: children games that can use our phones to dial out, go to the internet for ads. Applications that devour our address book.

We don’t really care. And I don’t think users should care.

Who should care? Developers and product managers. People who are building apps and services. They should care.

This is why resources such as Troy Hunt’s blog are such great resources for developers and product managers. It shows how bad security is on the web today and what should be done about it. his recent post on website password reset mechanism was something I needed 3 years ago… nothing there is rocket science, but it does save the need of reinventing the wheel.

Next time you plan an app or a service – please take care of security. Users won’t care, but you should.


You may also like

Leave a Reply

Your email address will not be published. Required fields are marked

    1. Dave,

      That’s my whole point – poorly designed apps are the same as evil apps in a way.

      If I poorly design my login page or my password reset page, and that causes malicious attacks and loss of data, it simply means that I didn’t take care of your security as the user.

      The same applies for children’s games that try to use more than they really should, as there are implications to that – security ones.

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}