March 18th, 2009

Blaming the victim is common in IT: users are to blame because they don’t patch their systems, choose lousy passwords, fall for phishing attacks, and so on. But, while users are, and will continue to be, a major source of security problems, focusing on them is an unhelpful way to think.

Security designers must accept that security systems that require the user to do the right thing are doomed to fail. And then they must design resilient security nevertheless.

We have known the solution to this problem for years. But it is easier to blame someone else and continue to do nothing.

The solution is to better design security systems that assume uneducated users: to prevent them from changing security settings that would leave them exposed to undue risk, or – even better – to take security out of their hands entirely.

