Why is security so incredibly complicated? I am a professional programmer, and I can hardly use all of the hopelessly stupid solutions that we in the security business have come up with. Each one is more complicated than the last. I strongly believe that security must be simple. Otherwise, no one is going to use it – and in that case, security is nothing but a desktop product lying on the IT security manager’s table, collecting dust.
No.
A great deal of evidence points to the need for simplicity. Use of BankID literally exploded when the mobile phone version, Mobile BankID, came out a few years ago. Suddenly, it was simple and secure to identify oneself at various digital services. County councils force employees to use digital cards, which they often forget, and therefore, they log in with a colleague’s card or with an old password. This means that one cannot demand the use of two-factor authentication (logging in with two different types of information), which is considerably more secure than passwords written down on the backs of computers. We have examples of energy companies that spend time and resources on creating, distributing, and administering passwords to their services via paper. Here, of course, there is the risk that the mailbox is emptied and the password goes astray. That is perhaps not so serious when it concerns an account at an energy company. But the likelihood that someone saves the password and remembers it is virtually non-existent.
When simplicity is well in place and the use of secure mobile identification is high, the consequences are two-fold: accessibility and increased efficiency. Users can identify themselves in all types of situations, to take part in services both as employees and as citizens. This can be everything from passing through a door at work and logging into a computer, to securing a child’s place in the preschool queue or an older relative’s place in the care system for the elderly. This creates accessibility to a variety of services for citizens and makes society at large much more efficient. Care personnel do not have to spend time on the administration of applications to care for the elderly – they should, of course, focus on taking care of the elderly. Digital identification in the mobile phone can surely be of help there as well. And in that case, it should obviously be simple.
Magnus Malmström
Director of Software, Nexus