Some years ago, engineers in the Microsoft Security Response Center (MSRC) drafted the 10 Immutable Laws of Security Administration. The second law is:
Security only works if the secure way also happens to be the easy way.
You'll find a link to the 10 Immutable Laws in the Other Resources section.
The secure way and the easy way are often at odds with each other. Passwords are one popular example of the easy way, but they're usually not the secure way (see Sin 11).
There's an entire discipline of usability engineering that teaches how to build software that is easier for end-users to use. The same basic principles can also be applied to security.