One of the classic rules of information security is as follows:
Bad security is worse than no security. With bad security, you think
you’re safe. With no security, you know you’re not–and act accordingly.
What’s interesting is how much this applies to user interface concerns as
well. Occasionally, Windows will simply fail to execute simple copy-and-paste
correctly. It’s not so common that it prevents me from using it entirely
(which, incidentally, is a horribly damaging attack against an IT
infrastructure–break things so often that people refuse to trust and receive
value from *anything* out of IT), but it’s not so rare that I can ignore it
as a random bug. It’s essentially stuck in that middle ground, where I
have to accept and suffer through it, all the while experiencing much more
frustration than if I just consistently retyped the text myself.
This is not just idle chatter. More and more, I’m realizing the effects of
user frustration are a key tool in understanding everything from
cryptographic deployment(Sporadic SSL vs. Universal IPSec) to Desktop
UI’s to the farce of “Secure” Digital Music that breaks on a whim.
More on this another time.