Cover Your Ass / Transfer Of Liability

Quoting from Schneier here:

Security warnings are often a way for the developer to avoid making a decision. “We don’t know what to do here, so we’ll put up a warning and ask the user.” But unless the users have the information and the expertise to make the decision, they’re not going to be able to. We need user interfaces that only put up warnings when it matters.

Pretty true. People get irritated by incessant warnings that turn out to be nothing, and pay them less and less attention; when a real warning finally comes, the user glosses over it and clicks “Allow”.

A couple of classic examples: “The Boy Who Cried Wolf”, and using self-signed/invalid/expired/revoked SSL certificates on a production site, which trains visitors to click straight through the browser's certificate warning. I’ve seen the SSL certificate one occurring on a site belonging to an MNC, heh 😉
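The certificate case above is one a deployment gate can catch before any visitor is trained to click through. As an added example (not from the original post), the Go program below uses the standard crypto/x509 verifier to name the warning a browser would show for a certificate; www.example.com and the self-signed certificate are constructed fixtures, not any real site's.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"math/big"
	"time"
)

// Classify names the warning a browser would raise for cert served for host at time now
// when only roots are trusted; "ok" means the visitor sees no warning at all.
func Classify(cert *x509.Certificate, roots *x509.CertPool, host string, now time.Time) string {
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host, CurrentTime: now})
	switch e := err.(type) {
	case nil:
		return "ok"
	case x509.UnknownAuthorityError: // self-signed, or issued by a CA the client lacks
		return "untrusted issuer"
	case x509.HostnameError: // cert does not cover the name the visitor typed
		return "hostname mismatch"
	case x509.CertificateInvalidError:
		if e.Reason == x509.Expired {
			return "expired or not yet valid"
		}
	}
	return "invalid: " + err.Error()
}

// Scenarios builds one constructed self-signed certificate (a fixture, not a real site's)
// and classifies it the four ways a visitor might meet it.
func Scenarios() map[string]string {
	now := time.Date(2024, 6, 1, 0, 0, 0, 0, time.UTC)
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		DNSNames:     []string{"www.example.com"},
		NotBefore:    now.Add(-24 * time.Hour),
		NotAfter:     now.Add(89 * 24 * time.Hour),
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key) // self-signed
	cert, _ := x509.ParseCertificate(der)
	pinned := x509.NewCertPool() // a client that explicitly trusts this one cert
	pinned.AddCert(cert)
	return map[string]string{
		"untrusted":  Classify(cert, x509.NewCertPool(), "www.example.com", now),
		"pinned":     Classify(cert, pinned, "www.example.com", now),
		"expired":    Classify(cert, pinned, "www.example.com", now.Add(100*24*time.Hour)),
		"wrong host": Classify(cert, pinned, "other.example.com", now),
	}
}
```

Only the "pinned" case yields "ok"; every other verdict is a warning that a production site would be pushing onto its users, so a release check should fail on anything but "ok" against the real trust store.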
