Hacker News
by smugworth 2663 days ago
It always seems to me like security solutions rarely take into account usability and user experience. Even something which should be simple like configuring a client to use SSL over plaintext can block productivity for a multitude of reasons until you finally put all the pieces together correctly.

Maybe it's out of necessity, because convenience features would be less secure. Maybe there's not much overlap between those concerned with security and those concerned with ease-of-use, except for cases where companies can develop tools that encourage good security practices while exposing the end user to other risks (e.g. password vaults with one entrypoint).

So what you end up with is people gravitating towards bad security practices and using shortcuts because it's a PITA to maintain the good ones. Let's skip using SSL because we need to get work done instead of troubleshooting the dozen possible misconfigurations. I'll use a really short password for my AppleTV account because it's too hard to type the damn thing with the on-screen remote. I'm tired of getting a 2FA code 50 times a day to get work done, so I'll implement a hot key to generate it from the command line.

Seems like ease-of-use for security solutions should be almost as much of a priority as the security implementation itself in some cases.