2005-12-12
There are many examples where users are now being inundated with pop-up messages asking them to respond to things they don't know about or don't understand, and it leads to weaker security overall.

This is neat: It cleverly disables that "just click OK" reflex and - at least the first time - makes you read the message.
I do think that users should be asked to accept the responsibility of their actions, and this requires their confirmation. Did you ever read this:
http://www.ranum.com/security/computer_security/editorials/dumb/
The six dumbest things in computer security all boil more or less down to one: default permit.
No one should enable a default permit policy on behalf of others. The IE choice is the right choice in this respect. If it would then be enhanced with a timer like that in Firefox, we're getting closer.
And add to that, the first time the popup is shown, more detailed information should be shown with a disabled next button that will be enabled after some time. If the user does not select "default permit", that message can be skipped subsequently.
Yes, it's annoying for users. But I'd rather annoy users than become implicitly responsible for their errors because I chose default permit on their behalf.
Link to this comment: http://www.securityfocus.com/comments/columns/374/32823#32823