•Security is costly—buy only what
you need
–You pay mainly in
inconvenience
–If there’s no punishment, you
pay a lot
•People do behave this
way
•We don’t tell them this—a
big mistake
•The best is the enemy of the good
–Perfect security is the worst enemy of real security
•Feasible security
–Costs less than the value it
protects
–Simple enough for users to
manage
–Simple enough for vendors to
implement