Pilar Garcia, 1Password
Caring about security is not the same as understanding security. It can be challenging enough to foster a culture of security within an organization, but once that has been accomplished the work of the security team is not over. New problems arise when motivated individuals make insecure choices in pursuit of better security. Proposals for new policies or features can be motivated by appropriate concerns, and may seem sensible on their surface, but can contain flaws when examined closely. At best these flaws can render the proposed changes ineffectual. At worst, they can undermine previous policies and weaken organizational security in unforeseen ways.
@inproceedings{garcia-21-misconceptions,
author = {Garcia, Pilar},
title = {{In the Name of Security! Misconceptions of Security Features (Industry Report)}},
booktitle = {Who Are You?! Adventures in Authentication Workshop},
year = {2021},
series = {WAY~'21},
pages = {1--2},
address = {Virtual Conference},
month = aug,
publisher = {}
} % No publisher