In most cases, how an authentication system works when a legitimate user tries to log on is much more important than how it works when an impostor tries to log on. No security system is perfect, and there is some level of fraud associated with any (authentication method). But the instances of fraud are rare compared to the number of times someone tries to log on legitimately.
—Bruce Schneier on balancing security and usability
I like thinking about security. But, in spite of all the dramatic headlines, I believe bad usability causes far more damage than bad security.
A more usable system should make recovering from a security breach easier. It’s easier to make things right when it’s easier to make things.
Usability limits what people can do with something. Is it just coincidence, or does that sound like a partial definition of security?