Security So Simple A 10-Year-Old Can Do It
It’s the summertime, and my daughters are home from school. During the day, this means it’s a constant struggle between them arguing about who is doing what or listening to them laugh at YouTube videos at the top of their lungs while I try to answer work calls as the dogs bark and fight inches from my desk. I love having the days at home with them, but it is an exercise in futility to hope for a quieter work environment — the joys of fatherhood, I guess. That aside, their days at home mean that my oldest daughter (she’s 10) is going to be playing a lot of Fortnite.
I had never played the game before a day ago, and to the best of my knowledge, it was nothing more than a cartoony version of other multiplayer shooter games that was at least slightly less violent (I know, “father of the year” here, but for what it’s worth, I did review the game in depth, and I did set parental controls on the console). Because she loves the game, she decided that Daddy had to learn to play it, and she and I spent a few hours playing together as I secretly enjoyed watching my daughter lay waste to other players — proud father moments must be taken when you can get them. In truth, the game gave me a headache from the neurotic action and constant movement, like I had been on a three-day meth bender. But hey, the kids like it, and I’ll take any chance I can get to bond with my girls.
The most interesting thing that came out of this whole “learning to get my ass kicked by 10-year-olds on Fortnite” thing was observing the system’s implementation of security tooling. As soon as we created an account for my new, soon-to-be-repeatedly-slaughtered character, the system asked me if we would “like to set up two-factor authentication.” Wow. What a great idea, security for the account.
To see how difficult it might be to get this security control configured, I asked my 10-year-old Fortnite ninja if she would set it up. She filled out the form, clicked “submit,” and then got the first code for our updated login. In total, it took about 2 minutes for this whole process to take place, and again, it was “deployed” by a 10-year-old. To make sure she understood what she had actually done, I asked my daughter, “What did you do to my account?” With a coy smile, she replied, “I set it up so you have to do an extra step to log in, so you don’t get your account hacked. Duh, Daddy.”
In less than a few minutes, my 10-year-old had “configured” a form of multifactor authentication on my account. In her own words, she expressed that very simple reason: “so I didn’t get hacked.” She understood the benefit of why this needed to be done: to protect those valuable V-Bucks that are so precious to the Fortnite gaming community and to protect what was critical to my “future” in that arena of coolness. And she was able to decipher how to turn on this function with no tech support, Googling, or assistance from me. That speaks to the simplicity of the solution and the clarity with which its use is communicated — so easy a 10-year-old could do it, literally.
Well, if ever there was a more poignant piece of evidence of the value of understanding a simple security control, deploying it easily, and communicating how to use that control inherently, here it was.
If the solutions you employ are incredibly, technically focused and don’t communicate the “why” of the solution, and the end user can’t get the value of using that tooling, it’s a problem. Be clear, concise, and speak to the value that they should get out of the implementation — not the sexy cool techno babble that we often see in messaging for technology.
If a 10-year-old can understand the value of a tool and “deploy” this type of solution, anyone can.