1971 Social Engineering Attack (schneier.com)
109 points by robin_reala on Feb 5, 2014 | 8 comments


I was reading Social Engineering: The Art of Human Hacking [0] a few years ago and it was really fascinating to see how easy it is to get the user to give us data versus unlocking an AES256 encrypted value on a computer I'm not allowed to touch.

Since I do a lot of work in PCI (Ecommerce / Orders / Credit Cards) I've learned that the most secure systems never allow the human user to access decrypted data. Things like tokenization work, and it's far better to give an abstraction of a credit card for tech support and developers to work with than the actual card, even though on the surface it seems like it's not a big deal.

If you are designing a system and at any point think, "This data is okay for the user to access because they can't (share/steal/walk out of the building with) it," you should seriously read the book I mentioned above. It really is impossible for you to imagine all of the very logical scenarios that would lead a janitor to keep a door unlocked. In fact, I can already think of a handful of reasons why, if I were a janitor, I would keep that door unlocked because of a sticky note.

[0]http://www.amazon.com/Social-Engineering-The-Human-Hacking/d...
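The tokenization pattern the comment above describes, as an added illustration that is not the commenter's code or any real PCI vault: the card number enters a single vault component at capture time, every other system (order records, the support console, developers' test fixtures) stores an opaque random token plus the last four digits, and only an assumed `payment-gateway` role may ever exchange the token back for the PAN. The keyed hash, the role name and the in-memory dictionaries are assumptions for the example; a production vault would encrypt at rest and sit behind an HSM.

```python
import hashlib
import hmac
import secrets


def luhn_ok(pan: str) -> bool:
    """Luhn check-digit validation: rejects obvious typos before a PAN enters the vault."""
    if not pan.isdigit() or len(pan) < 12:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class TokenVault:
    """Hypothetical tokenization vault: the only component that ever holds a PAN.

    Tokens are random, so nothing about the card can be recovered from one.
    A keyed hash (HMAC) of the PAN is kept only so that tokenizing the same
    card twice returns the same token, which lets other systems answer
    'has this card been used before?' without ever seeing the number.
    """

    # Assumed role name: only the component that settles the payment may detokenize.
    DETOKENIZE_ROLES = {"payment-gateway"}

    def __init__(self, hmac_key: bytes):
        self._hmac_key = hmac_key
        self._pan_by_token: dict[str, str] = {}        # in production: encrypted at rest
        self._token_by_fingerprint: dict[str, str] = {}

    def _fingerprint(self, pan: str) -> str:
        return hmac.new(self._hmac_key, pan.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, pan: str) -> dict:
        """Accepts a PAN once, at capture, and returns only what other systems may keep."""
        pan = pan.replace(" ", "")
        if not luhn_ok(pan):
            raise ValueError("not a plausible card number")
        fp = self._fingerprint(pan)
        token = self._token_by_fingerprint.get(fp)
        if token is None:
            token = "tok_" + secrets.token_hex(12)
            self._pan_by_token[token] = pan
            self._token_by_fingerprint[fp] = token
        # last4 is the only card-derived field that leaves the vault
        return {"token": token, "last4": pan[-4:]}

    def detokenize(self, token: str, caller_role: str) -> str:
        """Reverses a token; refused for every role except the one that settles the payment."""
        if caller_role not in self.DETOKENIZE_ROLES:
            raise PermissionError(f"role {caller_role!r} may not detokenize")
        return self._pan_by_token[token]


def support_view(order: dict) -> dict:
    """What a support agent or developer sees: enough to identify the card, never the PAN."""
    return {
        "order_id": order["order_id"],
        "card": f"card ending {order['last4']}",
        "token": order["token"],
    }


if __name__ == "__main__":
    vault = TokenVault(hmac_key=secrets.token_bytes(32))
    card = vault.tokenize("4111 1111 1111 1111")   # constructed test PAN, passes Luhn
    order = {"order_id": "o-1001", **card}          # the order record holds the token, not the PAN
    print(support_view(order))
    print(vault.detokenize(order["token"], caller_role="payment-gateway")[-4:])
    try:
        vault.detokenize(order["token"], caller_role="support")
    except PermissionError as exc:
        print("refused:", exc)
```

The point the comment makes is visible in the data flow: `support_view` never has a code path to the PAN because the order record it reads was built from `tokenize`'s return value, so there is nothing for a persuasive caller to talk an agent into pasting into a chat window. Detokenization is a separate privilege held by a service, not a person, which is where the access check belongs.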


Relevant XKCD: http://xkcd.com/538/


I always thought that one was kind of stupid. Encrypting laptop data protects you if your laptop is lost or stolen. If people are willing to kidnap and torture you for your data, you have bigger problems than the fact that they probably will get it.

This comic is much more relevant: http://www.smbc-comics.com/index.php?db=comics&id=2526


Thanks for the reference to this book! This also reminds me of a good defcon talk by Jayson E.:

https://www.youtube.com/watch?v=JsVtHqICeKE


And that's why Social Engineering Attacks work. The request seems so reasonable, people don't even think about the consequences.


Robert Anton Wilson and Robert Shea wrote a character into their Illuminatus! trilogy who employed a very similar strategy. He would leave cryptic messages and commands strewn about various businesses and locations (such as "no spitting"), some with The Mgmt. appended to them. They were so blandly authoritative that the rest of the characters blithely obeyed them without question. Social Engineering hacks keep working for a reason, hey?


Simple and elegant. This is art.


Fantastic story. This thought process can be applied to so many different things.



