
The fact that Advanced Data Protection on iCloud wasn't forced is sus.



As someone who has to help my father with his personal tech as his mental health deteriorates (several brain tumors), I'm thrilled every time I find something that ISN'T locked down behind pin codes, passwords or other authentication methods that he no longer remembers or can communicate.

His current state really has made me think about my own tech, about what should be locked down and what really should not be - things that we lock down out of habit (or by force) rather than out of necessity.


Given the rate at which the elderly find themselves swindled out of money due to scams, hacks or any other method of invasion, I really don’t think loosening controls makes the most sense.

Might be interesting if companies offered the ability for someone to be a “steward” over another when it came to sensitive choices (like allowing new logins, sending money, etc). Of course that itself is a minefield of issues with family members themselves taking advantage of their elderly members. But maybe power of attorney would have to be granted?


What I hinted at was more granularity in how we treat different types of data, or other accesses, in response to the idea of being forced to turn on "Advanced Data Protection on iCloud".

Rather than putting all of our personal data and accesses under a thick virtual fire blanket, perhaps it is perfectly fine if some of it isn't protected at all, or is protected in ways that could be easily circumvented with just a tiny bit of finagling.

This is now how I'm approaching my own digital footprint, that some not secret things are nowadays wide open, unencrypted and you just need to know where to look to access all of it.


Relatedly, I think a lot of us under-estimate/under-appreciate physical security in our threat models. A desktop tower that never leaves my house and would be a pain for anyone but a dedicated burglar to steal maybe doesn't need the same sort of security/encryption/authentication requirements for physical access in person that a phone or laptop might need. Certainly there are plenty of fears of people targeting me specifically and getting physical access to my house, but there are also more legal protections from some of those. Threat models are all about trade-offs and physical security/physical access restrictions trade-offs can be under-appreciated as places to make choices that can be in your favor.


I understand what you mean but I think maybe your example wasn’t terrific given I think the elderly are actually frequent and vulnerable targets for crims. I’ve actually had scenarios where my parents were unable to log into an account and when I asked why they needed to, it was to give some “support specialist” information they were asking for. Is it a pain in the ass to help your parents install a mobile app sometimes? Yeah I guess. I’m just glad someone didn’t drain their bank account on them.

There is sometimes a point to inconvenience in that it requires time and assessment.


Yeah, the thing about "security" is that there is a lot more chance that it will come to bite you in the ass later down the road than being successful (actually prevent an issue). I have some funny stories about unrecoverable drives because of forgotten encryption keys.

For most people the only security they need is actually access to their money, everything else is mostly irrelevant, nobody really cares about weird habits or whatever.


Not when you understand the tradeoffs being made. If you enable Advanced Data Protection and lose or forget your password, Apple cannot help you recover it. It makes sense that it's opt-in and users make a conscious choice to make that trade-off.


Have you ever done tech support?



