Friction is Good: Let's add it to our digital experiences

I agree with the sentiment, but this is UX 101.<p>UX isn&#x27;t about always letting the user do something as fast as possible--that&#x27;s just cargo cult UX. UX is about reducing the obstacles between user-intent and computer action. We want the computer to carry out the user&#x27;s intent.<p>Sometimes that means frictionless UI: if I&#x27;m changing a font size, I want direct manipulation, instant feedback, etc. But if I&#x27;m transferring money, I want to make sure there are no mistakes and sometimes that means friction: confirmation steps, etc.<p>Saying that friction is good is just as useless as saying that speed is good. The whole point of UX design is to know when it&#x27;s good and when it&#x27;s not.

&gt;For sixty years, computing has emphasized speed<p>I wish day to day software emphasized speed

This article is light in details, but I&#x27;m going to guess that the money stolen was crypto of some sort. It is unlikely you could pull this off with regular banks as banks log everything. Sure if I gave you my checking account number you could take all the money I have in there - but the banks all know who got that money and so when I go to the police there is a trail to trace and much higher odds I get it back. This is one reason why crime goes through Swiss banks (traditionally) or Cayman islands (more likely) - the banks there are much less likely to cooperate with any police I go to and so it is much harder to reverse charges.<p>I still won&#x27;t post my checking account number publicly though. Bank logs are not fool proof, but they are a lot better than crypto.

TurboTax has this kind of “performative slowness” to convince you it’s doing more than it actually is. It has pointless loading bars and spinning wheel pages as you navigate through every section. I definitely wouldn’t be an advocate of replicating it.

<i>&gt; Thinking fast has left us vulnerable.</i><p>It also affords <i>really big</i> mistakes. There&#x27;s a famous photo, from the original version of <i>The Design of Everyday Things</i>, by Don Norman, that shows reactor control rod controls, topped by beer tap handles, to ensure that the operators can differentiate, because the original design had the same knob, which could make it easy to mix them up.

It’s not terribly difficult in case of financial transactions. Just separate into queueing and executing, with an auto-timer, notifications (email, push etc) and an option to cancel directly from the notification channel (without requiring 2FA etc to prevent hijacking issues).<p>This could be applied to other things, like updating an auth factor (change email for instance). Just notify the old email and queue the operation.<p>Doesn’t solve all the issues but gives humans a chance to counter bots and hackers based on speed alone.<p>The main engineering challenge is to estimate impact of an operation, since it depends on other actions. For instance, exfiltrating $1M in $5 increments should not be possible.

Lots of words and salesmanship to say &quot;maybe put humans back in the workflow for things that require security and safety.&quot;

$90k should not be in an online wallet. It should be in a hardware wallet with a passphrase. If you insist on keeping it in a wallet on a computer then airgap the machine.

I don&#x27;t use and have no interest in using crypto, but I do notice that emails can easily be sent to the wrong person, and very little thought seems to go into stopping this.<p>We have &quot;Do you really want to send this&quot; that doesn&#x27;t even tell you who it&#x27;s sending it to. &quot;Do you really want to send this to X&quot; with a slide lock, and a little box with a brief summary, would be so much better.

I&#x27;ve pondered on this before, but it&#x27;s another place where the counterintuitive spanning of so many orders of magnitude effectively trashes any effort to do this. Any simple solution fails, and not just by a little, but utterly. &quot;Hey, maybe we should slow down our bandwidth so an attacker can&#x27;t exfiltrate our entire petabyte database.&quot; Yup, sure, that&#x27;s great, but the attacker only cares about the most valuable few megabytes, like your customer data and accounting. Any attempt to slow down access to those megabytes is useless, because what&#x27;s the point of petabytes of data with a window of access small enough to make downloading a few megabytes noticeably difficult?<p>&quot;But jerf, we could &#x27;just&#x27;...&quot; Yeah, you could, but you&#x27;re not going to have just one or two &quot;justs&quot;, you&#x27;re going to have <i>thousands upon thousands</i>, and they&#x27;ll end up interacting with each other. You end up having to build an incredibly complicated scheme of labeling the value of everything, and along with getting the labeling wrong, there isn&#x27;t even a correct labeling anyhow.<p>A: &quot;We limit access to the users table because only so many users log in per second and we don&#x27;t want anyone to SELECT * the table and walk off with the whole thing in 2 seconds.&quot;<p>B: &quot;OK, great, well, I have a job here than needs to run across the entire table and send an email to anyone who hasn&#x27;t logged in in a year that we&#x27;re going to cut off their access soon. How long will that take?&quot;<p>A: &quot;Let&#x27;s see... with the current friction on our system, it&#x27;ll take... a week and a half.&quot;<p>B: &quot;Oh, well, that&#x27;s OK then. With the restrictions on how many emails our email systems will send per hour, that system&#x27;s looking at 3 or 4 months to do the job.&quot;<p>You may think I&#x27;m exaggerating the time scales for effect, but I&#x27;m not. That&#x27;s those &quot;orders of magnitude&quot; I refer to. Try to put enough friction on systems to meaningfully slow down attackers and you can easily push jobs into days, weeks, months. Especially if, as I&#x27;m kind of thinking of in this example, all this poor developer has to work with is the <i>leftover</i> capacity for emails, because the throttled rate is already nearly consumed by the normal functioning of the system.<p>(Bear in mind that if you &quot;just&quot; build a back door to let such processes work, that&#x27;s a back door the attacker can walk through, thus defeating the entire purpose.)<p>It&#x27;s a neat idea but it&#x27;s a non-starter if you sit down and start working with the numbers. At most there&#x27;s a few places you could add it and get a specific protection, but as a general principle it is not useful.

Traditional banks know this and use context based authentication for sensitive transactions.<p>Sms based 2fa is a known crummy 2fa. Get TOTP or a hardware token.<p>I feel the article is trying to sound smart by using lofty words when the answer really is simpler.

I don&#x27;t understand what the writer is proposing here. How is slower = secure?

Like add a delay?