Design Versus Intention
As problem solvers, we dream of a positive vision of the future, based on the belief that the challenges and problems we face are solved by good design. OK, stop the playback. Back in the real world, the dominoes occasionally get knocked down in sequences we never imagined and, worse, in ways our complex and richly integrated systems cannot address. Some of it will be act-of-God happenstance, some will be introduced by ever-fallible humans, and some will be plain malicious intent. It’s a harsh reality, but that is and always has been the Internet, in spite of the funny cat GIFs. When you are creating a solution — from authentication to authorization — make sure the design accounts for all intents, not just the ones derived from planned and expected user stories.
When BMW created an access point for non-franchised garages and mechanics to pull diagnostics and interact with their sophisticated vehicles, they never intended for criminals to program illegitimate keys on the spot, quickly and easily, for car theft. When financial institutions added forgotten-password retrieval and reset routines, they never expected that a lingering password-retrieval session could be hijacked and used to log in without any credentials. Amazon’s own “elasticity” recently stretched past its breaking point, because the anticipated failure recovery created an oversubscription of the very web services Amazon provides, during a problematic power period caused by Mother Nature’s record-breaking heat wave.
In each of these scenarios, engineering teams went through rigorous design and review to ensure they addressed the planned or imagined use cases, individually. Project managers watched as QA performed the required tests. They absolutely delivered what was asked of them in terms of product, functionality and usability. Yet every single one of them failed in a way that leaves you wondering: how could this not have been thought of? Ironically, it is the efficiency at solving the original problem — allow access, reset credentials, shift to a different resource pool — that in turn created an entirely different monster. Their design satisfied their singular and original intention. Will your silver bullet bring out the bogeyman from underneath the bed?