Step 1: Knowing that you have a problem
Step one in every 12 step program is knowing that you have a problem. If we are going to do anything about terrible security usability we need clearly defined criteria that allow us to identify terrible security usability experiences that require repair.
This approach is entirely different from that of usability specialists such as Ka Ping Yee who has been working on a set of principles for good security usability. Good design of any type is an art. Bad design is simply the result of making mistakes.
That is why I think that we need to start thinking about of laws of security usability. By laws I mean a set of rules that are sufficiently accepted and well specified that we might at some point in the distant future after consensus has been established in the field and vendors have had a chance to deploy new products in response, consider breaking one to be a potential liability issue.
The zeroth law of security usability would be that if it isn't safe, it isn't usable. Nobody would claim that a light switch design, however pretty or intuitive was 'usable' if incorrect use was liable to result in electrocution. We should apply the same approach to computer systems.
Rather too often the response to making security a higher priority in the design of software applications is that to do so might make them less user-friendly. The result is that all to often we have designs that it is simply not possible for the user to use securely.
One example of this problem that is becoming justly notorious is email. There is absolutely no way in which the email user can expect to know that the email they receive is in fact from the purported sender or not. The problem of phishing is a direct and predictable result. Many proposals have been made to fix the problem but these have all suffered from the pushback that users might not be able to use them effectively.
The reverse also holds: a system isn't usable it probably isn't going to be safe. The modern engineering practice of ergonomics originated in the design of airplanes after pilot error was identified as the cause of many crashes.
