Don Marti

Thu 15 Sep 2005 07:31:26 PM PDT

Why User Education is not the Answer

(updated 15 Sep 2005: added link, example)

Jakob Nielsen has a good point that User Education Is Not the Answer to Security Problems.

And "Educating Users" made the Six Dumbest Ideas in Computer Security.

End-user instructions for legitimate web sites and IT products are more counterintuitive than the instructions for being victimized by a phishing scam or the instructions for decrypting and installing a social engineering worm.

As long as the industry is willing to make users do complicated and incomprehensible things, attacks that depend on confusing the user will succeed.