
Locking up the monkey

Over the past few weeks, the Email Service Provider MailChimp has announced a slew (well, three) of new security measures.

Security is always a balancing act between ease-of-use and effectiveness. If it is effective but time-consuming and a pain in the arse, then people won't use it, and thus it becomes totally ineffective.

A case in point is the LloydsTSB commercial banking card reader: every single transaction requires authentication with the calculator-sized reader and the debit card. That's too bulky and too much authentication. Compare this with the HSBC commercial banking keyfob-sized one-use “Security Device”. Much easier.

In a very interesting post, Chad Morris describes why MailChimp have created AlterEgo, a user-friendly 2-Factor-ish layer of security that uses a mobile phone to generate a security code.

AlterEgo's website, by The Rocket Science Group who created MailChimp

They have also brought in Detect Location Features, which ring alarm bells if you're accessing your account from somewhere other than usual, and TXT alerts, which will send a text to your mobile if some major things are happening on your account.

With the snowballing of integration between webapps, I'm sure we'll be seeing a proliferation of these security measures across the board. Personally I integrate WordPress, Eventbrite, MailChimp, GoogleApps, Twitter and Facebook in some shape or form.

Username+password doesn't cut the mustard any more; it's time for some beefed-up security (didn't anyone mention? It's Mixed Metaphor Friday!).