{"id":36819,"date":"2022-08-22T16:52:40","date_gmt":"2022-08-22T20:52:40","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=36819"},"modified":"2022-08-29T11:53:33","modified_gmt":"2022-08-29T15:53:33","slug":"too-secure","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2022\/08\/22\/too-secure\/","title":{"rendered":"Too Secure"},"content":{"rendered":"

Manton Reece<\/a>:<\/p>\n

I continue to think that my devices are now too secure. Face ID shouldn’t freak out multiple times a day, requiring a pin. Safari shouldn’t scrap cookies every week, requiring needless extra web sign-ins. Any security beyond unlocking my Mac is usually unnecessary friction.<\/p><\/blockquote>\n\n

I think there’s something to this. There is often a tradeoff between security and convenience, so it’s important to find the right balance and to limit the annoying stuff to where it actually helps a lot.<\/p>\n\n

Face ID requires my passcode multiple times per day, which tempts me to choose one that’s less secure. Safari is more annoying than other browsers because the “Remember me” checkbox on so many sites doesn’t work. Apple’s sites seemingly always<\/em> require logging in. My old iMessages are nearly impossible to access, and cannot be directly downloaded, ostensibly because they are end-to-end encrypted. Yet, in practice, that’s a mirage, so it feels like Apple has more access to them than I do. Transparency Consent and Control (TCC) seemed like a reasonable idea but remains failure-prone and confusing—as if the thinking was that making it smoother would be less secure. And, of course, the App Store provides—at great cost—arguably much more the appearance of security than actual security.<\/p>\n\n

Previously:<\/p>\n