>Until and unless you present a usability study involving 100+ people composing >a representative sample of an identifiable community, you don't know a thing.
* I think * is NOT * I know *. I may be wrong: I don't care. First of all i want to implement this for myself, and if i'm right and is something that people like, that is good for them. I will expose my reasoning instead; unfortunately i don't have the resources or knowledge for a full study. - smartphone outnumber pc since 2011 (http://www.marketwatch.com/story/one-chart-shows-how-mobile-has-crushed-pcs-2016-04-20) - smartphone are already carried everyday by most people owning them (http://www.nydailynews.com/life-style/addicted-phones-84-worldwide-couldn-single-day-mobile-device-hand-article-1.1137811) - smartphone have NFC, BT, WiFi, making contacless payment or key exchange extremly easy, convenient, and fast. In fact, i know payment and even public transport access by NFC is already a reality. (no source needed, i hope) - smartphone are easy to loose or get stolen (45% of 18-24 years hold has lost at least one phone according https://www.statista.com/statistics/241365/us-cell-phone-users-whose-device-has-been-lost-or-stolen-by-age-group/) - many smartphone are not safe (http://thehackernews.com/2016/08/hack-android-phone.html) - some documents in different country already come with a personal certificate/key bound to the person My idea is to make possible for the everyday user to add/manage new services with a main password (by using the level 2 key, encrypted), accessing services eventually passwordless (level 3 key), but in case of the loss of the device, reissue all certificate in a automatic fashion on the new device, staring from the safe key describing the original identity (level1) Now, from the *user* point of view, I think we can all agree that the reissuing of the key is quite a pain, and having safe way to do it automatically is quite nice. but no stat on that. On the server side, we already have something going in the right direction with openID (but i don't think can be made transparent-compatible, that is another big discussion) >And without exception, not one has been successful. better one more try, that one less >Househusband. English has used this word since 1858. TIL >They may lack sophisticated technical skills, but that's not the same as being >foolish or clueless. But my target is not fools or clueless, my target is who is lacking the technical skill. For those person is all about convenience; 50% of android user does NOT lock the phone (https://www.elie.net/blog/survey-most-people-dont-lock-their-android-phones-but-should). Since apple has implemented touchID, they say >80% of the user use it. (http://appleinsider.com/articles/16/04/19/average-iphone-user-unlocks-device-80-times-per-day-89-use-touch-id-apple-says) This, in my opinion, is exactly the target, make the deploy of the key easier, especially in case of device loss (aka level 2 and 3 key compromised) >Your "average internet user" is a 1940s-style way of thinking. We need to do >better than that. Then explain FB, google, youtube, amazon... all of them does NOT provide a great deal of personalization, if at all. UX, usability, all is about create a "average user" out of your target audience, and make things work for most of them. It is extremely hard to do, but now we have much more literature. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
