I am evaluating an enterprise system where we are providing access to personnel records and other information where the access needs to be controlled. As always, there is a tradeoff between security and usability; however, it seems at times that by providing user experiences that are unusable we are providing security through obscurity, and not proper security procedures and measures. An article this morning discussed Microsoft’s approach to providing additional features at the risk of security.
"Ease of Use – Effective security is always at odds with convenience. Microsoft’s main marketing pitch is “ease of use” and “integrated environment”. For this reason, what security features there are are often turned off by default."
I am just not sure that security and usability are competitors. Yes, some security measures require an increased memory load and recall instead of recognition. These are not the only methods; I need to investigate this in more detail.