Hard to use versus secure
|Cisco Registered Encryption Service|
I received an encrypted email from the local government via Cisco Registered Encrypted Service (CRES). To open the attachment, one must read all this...
As a first time user (95% of the users are 1st timers) , I had to register a password, a password phrase (not the same as password) , three questions. I made a typo and I lost all information. I had to re-enter again all data, a very tedious activity I'd rather avoid. Then I had to check the email to get a green light. After receiving the confirmation, I tried to open the attachment. I got an error message.
You must "download the message on your hard disk", it said. I did and then voila, I opened a pdf file telling me the same letter was in the snail mail. and I will get it soon.
Who are the users of this service? What do they feel?
They are low income and have basic, if any, computer skills. Did Cisco applied an User Experience (UX) research to see whether the intended audience is able to cope to this mishmash? How someone applying for food stamps knows how to use a CRES encrypted email and put up with its hotchpotch instructions?
Make an application impossible to use, and yes, as no one can use it, the email is secure.