Don Marti: Why User Education is not the Answer

(updated 15 Sep 2005: added link, example)

Jakob Nielsen has a good point that User Education Is Not the Answer to Security Problems.

And "Educating Users" made the Six Dumbest Ideas in Computer Security.

End-user instructions for legitimate web sites and IT products are more counterintuitive than the instructions for being victimized by a phishing scam or the instructions for decrypting and installing a social engineering worm.

As long as the industry is willing to make users do complicated and incomprehensible things, attacks that depend on confusing the user will succeed.
