Hard to use versus secure

Cisco Registered Encryption Service

Secure email

I received an encrypted email from the local government via Cisco Registered Encrypted Service (CRES). To open the attachment, one must read all this...

As a first time user (95% of the users are 1st timers) , I had to register a password, a password phrase (not the same as password) , three questions. I made a typo and I lost all information. I had to re-enter again all data, a very tedious activity I'd rather avoid. Then I had to check the email to get a  green light. After receiving the confirmation, I tried to open the attachment. I got an error message.

You must "download the message on your hard disk", it said. I did and then voila, I opened a pdf file telling me the same letter was in the snail mail. and I will get it soon.

Who are the users of this service? What do they feel?

They are low income and have basic, if any, computer skills. Did  Cisco applied an User Experience (UX) research to see whether the intended audience is able to cope to this mishmash? How someone applying for food stamps knows how to use a CRES encrypted email and put up with its  hotchpotch instructions? 

Make an application impossible to use, and yes, as no one can use it, the email is secure.

Secure versus Easy To Use

Making a secure application easy to use, does not diminish it's ability to protect the content. We can't force real people to use a badly UX designed security product, The app should adapt to people and not showing off a superiority complex, which is nothing by the visible face of stupidity


Popular Posts