How Infosec is constrained by culture
Convenience is one of the things we want most from our technology. From smart fridges that shop automatically based on our grocery lists, to smart thermostats that learn our temperature preferences and adjust themselves, we want things to be easy and to demand as little effort from us as possible. “Remember my password”, “remember me on this computer”, “Don’t ask me again”: these are the phrases we use to save 3 seconds of typing in a password.

What we don’t have in abundance is common sense when it comes to technology. We don’t stop to think about password strength, or about using different passwords for different sites. We want to use our own (unsecured) devices to access secured platforms, and then we leave our passwords to those platforms easily accessible to anybody who picks up our phone. None of this is likely to change anytime soon, and that makes securing these platforms difficult.

Blackboard has a good method: if you log on from a computer, it sends a push notification to your phone, and you have to approve the log-on there. Steps like these, along with two-factor authentication, are a good start, but given the prolific use of “remember my password” I’m skeptical that many people want an extra step between them and the platforms they want to use.

Another tactic that could work, albeit at a cost to businesses, would be to purchase secure devices that each employee checks out to use while at work and checks back in at the end of their shift. The company could wipe any temporary data from the devices at the end of the work day, shortening the window in which someone could breach them.