I attended a presentation at FOSDEM this year entitled “Bad UX is bad security” and the main idea that I took from this presentation was “sometimes it’s interesting to add friction in some UX to force users to take some time to think about what they are doing”. One of the examples the presenter used was a pop-up that shows up to confirm something and that users never read: they just click to proceed.
It caught my attention as this is the kind of thing we have a lot of in XWiki: I can think, for example, of all the checks we have to force editing: force locks, force edit when the page is part of an extension, force retry of the request in case of a problem with the CSRF token, etc.
I was thinking that maybe we should try to put a bit more friction in those UIs to make sure that people are taking the time to actually read the message and not just blindly click “force”. The first idea that came to my mind for this would be to not enable the button to force the action right away, but to have a small timer, that we would display, and that would enable the button only after e.g. 5 seconds.
So what do you think about the general idea of making it a bit less easy to click on the primary button for that kind of important decision in XWiki? It would be interesting to have @tkrieck's opinion on that.
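
The delayed-enable idea from the post above, sketched as an added example that is not part of the original post and is not XWiki code. The name `armForceButton`, its options and the injectable scheduler are hypothetical; the button can be any object with `disabled` and `textContent`, such as an `HTMLButtonElement`.

```javascript
// Added example: keep a "force" button disabled behind a visible countdown.
// armForceButton and its options are hypothetical names, not XWiki APIs.
function armForceButton(button, options = {}) {
  const {
    delaySeconds = 5,                          // the "e.g. 5 seconds" from the post
    label = button.textContent,                // original caption, restored at the end
    schedule = (fn) => setInterval(fn, 1000),  // injectable so the gate can be tested
    cancel = (id) => clearInterval(id),
  } = options;

  let remaining = delaySeconds;
  let timer = null;

  // Show the remaining seconds in the caption while the button is locked.
  const render = () => {
    button.disabled = remaining > 0;
    button.textContent = remaining > 0 ? `${label} (${remaining})` : label;
  };

  const stop = () => {
    if (timer !== null) {
      cancel(timer);
      timer = null;
    }
  };

  const tick = () => {
    remaining -= 1;
    render();
    if (remaining <= 0) stop();
  };

  const start = () => {
    stop();
    remaining = delaySeconds;
    render();
    if (remaining > 0) timer = schedule(tick);
  };

  start();
  return {
    restart: start,                 // call each time the dialog is reopened
    isArmed: () => remaining <= 0,  // check in the action handler as well
    dispose: stop,                  // call when the dialog is closed
  };
}
```

Restarting the countdown whenever the dialog is reopened keeps the wait from being skipped on a second attempt.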