28 Mar
2017
28 Mar
'17
11:08 p.m.
I suggest making sure your UI follows the pricinples outlined here:
User Interaction Design for Secure Systems http://zesty.ca/pubs/icics-2002-uidss.pdf by Ka-Ping Yee
for example: "Path of Least Resistance. The most natural way to do any task should also be the most secure way."
Does your client support revocation? Ka-Ping Yee says:
"Revocability. The interface should allow the user to easily revoke authorities that the user has granted, wherever revocation is possible."
cheers,
David