An often used counter-argument to any security measure is that an individual could bypass or overcome it. I have come to realize that the response to that is just as simple. You certainly could break down the door to my house with a battering ram, but that is not why I lock it.

These thoughts came to mind when I thought back to my earlier explorations on the internet. I saw comments from cybersecurity experts online scoffing at the measures people used to secure their accounts and devices. They explained how they could use a variety of software and and hardware techniques that I would never become familiar with to bypass your security measures. Proverbial battering rams. Yet, despite the presence of such criticisms, we all do not have daily updating 256 character passwords on dedicated home software with two additional forms of verification in the form of a physical key and an additional 56 character authentication code. And somehow, all of our accounts have not been immediately stolen by hostile hackers. In fact, one of the most common forms of security today is just a long password and a 2-factor authentication.

I mean you certainly could use the extremely rigorous hypothetical security example I set above. Your account would likely be completely and utterly secure from anyone… especially you. You lose that physical key and now you cannot access the account. The account will be safe and secure, but it would not be very useful. Not to mention, such measures are likely to be far more expensive than a simple password.

So, I was thinking of a way to describe this, and I was a little surprised the term is not used more often. The term came to think of is "friction." I imagine most are familiar with the term, but it just means the resistance an object encounters when moving against another. Friction slows objects in motion down. Whenever we implement a security feature, physical or digital, we are introducing "friction." Resistance.

I often hear that the most common method of breaching data is through social engineering. No programming skills needed. Now why would that be? Simple. It's easier. Why develop a sophisticated program when I could just have you tell me your password with a lie? Now, what's a great way to keep most people out of your home? Locking your door. You will not keep out a battering ram, but you will keep out most crimes of opportunity. You are adding friction.

Friction does not stop everything, but it can stop many things and slow down the ones that it does not stop. Then, if something is moving much faster than friction can stop it, but there are two things to consider. First, you need more work to get the faster moving object going. A sophisticated hacking program requires a sophisticated programmer spending a fair amount of time on it. It is hard to achieve. Second, a faster moving object is easier to spot. A brute force password attempt results in a lot of log in attempts. A battering ram is big and heavy, so you will get an idea if a person is trying to knock down your door if you look out the window.

At the same time, I like to use the word "friction" because it shows security cuts both ways. Just as a thief cannot get past a locked door, neither can I. The more security measures I add to add friction for thieves, the more it adds to my ability to access my information. Now I have to remember or write down my password and make sure my phone is on me to use 2-factor authentication. If I lose my phone, that is now friction I cannot overcome as a user, but neither can a hacker. However, it is not an impenetrable shield. I could, or even a hacker could, call the service provider and use an alternative way to access the account. Again, more time, more friction.

Now, I used a lot of digital examples, but I intended to use friction in a more ubiquitous sense. The locked door is not merely an analogy. We add friction to physical security systems and legal mechanisms as a way to reduce crimes of opportunity and unwanted behavior. I like the term "friction" because it demonstrates we do not expect to stop everything, but we expect to stop most things. It cuts against the argument that people will get around it. Of course, but we are by no means making it easier for them. I also like the term "friction" because it shows the measures can make legitimate and illegitimate uses more difficult to achieve.

Well, I think this article has gone on long enough. Ultimately, it is just a long way to say I think "friction" is a good word to describe what is probably already described as "deterrence," but I also feel like "deterrence" is more specifically used to describe discouragement. I feel like "friction" touches more on the physical and the psychological. I think it's a fun word and I'm surprised it's not used more. Thank you.