Professor Audun Jøssang has formulated some useful principles for security usability. I wish more people would reflect on these, and what their practical implications are for the systems and web pages we offer our users today. And I really wish Facebook would read them.

The rough statistics for usability is

  1. 35% of the people will understand, almost no matter what you write or do
  2. 40% will have cognitive challenges at some times
  3. 25% do have special challenges understanding

Given this, and the fact that most web sites aim at the population at large, we really need to rethink the mental load we place on our users.