[freehunter]

It's not always easy even for technical people. For example, I bought a game not long ago. When I bought it, the game wasn't on Steam or Origin or common gaming stores. You bought it directly from their site.

So I go to http://www.beamng.com. I click the link that says "buy it now". I'm suddenly redirected to http://sites.fastspring.com/beamng/product/alpha

Both of these sites are unencrypted, and the second site has nothing to do with the first site. Do I book it out of there? All signs say yes. I wanted to buy a game from BeamNG, not from Fast Spring, whatever the hell that is. I've never even heard of them.

If we train users to follow the best practices, this game would never have a single sale. If people want to buy this game, they have to ignore that. How do we teach exceptions? Now we're getting into the territory where it's too difficult to teach to people who aren't techies.

If I have a cough, I take Robitussin. If it doesn't go away, I go to the doctor because I am not a medical expert. It's not that I can't be taught how to tell what is wrong with me, its that it's unreasonable for me to know that and still keep my day job. If I knew that, I would be a doctor. If users knew every exception to security, they would be security engineers.