Designing security warnings

Microsoft released some interesting rules for deciding when and what to display to users in case of a security warning.  Microsoft proposed two nice acronyms.


A security warning should be Necessary, Explainable, Actionable and Tested (NEAT).  In other words, the designer should only present a security warning to the user if the user is needed to make a decision and that it could be precisely explained to the user.

Explaining a security warning is a difficult task.  Thus, Microsoft proposed another acronym.  The explanation should clearly explain the Source of the issue, the Process that the user may follow to solve, describe the Risk, Unique to user (with his/her context), offer some Choices and give Evidence (SPRUCE).

A nice initiative.

Leave a Reply

Your email address will not be published. Required fields are marked *