TKO - Built for disaster

Every now and then a surprise is a good thing™ but when the surprise is the same every morning it can't really be considered as one. For Homer Simpson-like characters maybe it is ok to bang your head against the wall and everytime it hurts, with a surprised "DUH!" as a result, you go on banging in hope for a different result. But one would think people working in an office full of University degrees and what not could behave differently. Let's take a real life example of this (any resemblance to my employer's office is pure coincidence). Every morning coming to work we have to walk by the front desk, most of us say good morning to the security guard, and proceed to the gate. In order to pass that we have a two-way authentication procedure to attend to. Place the ID-card in front of the magnetic card reader, and punch in a personal code. This is the same, every time we need to get into the office, whether it is in the mornings after passing the front desk, entrance...

I am a bit worried about how certificates are handled in today's applications (I guess the olden days weren't any better). Or, actually, there is so little knowledge among average users abut how certificates work and why they are there. This of course makes PKI-world a heaven for hackers and other dark elements in society. Talking about average Joe doesn't cover it all though. Apple seems to think it is OK to download certificates from here and there and quite happily recognize them as valid . Even helping the user to validate them: "Go for it! This seems like a legitimate thing to do". In my mind iPhone has been a cool gadget to have, but with technology from days gone by... (no MMS, mobile camera with baaaaad resolution etc etc) and now they give up security too. But then again, wasn't it supposed to be un-breakable, like the PS3 and Titanic? And I really shouldn't rant since don't own one anyway. Good morning!