Before I knew it, the Airport Extreme installer had found the settingsincluding the security settings, WPA2 key, etc.from the existing router and the settings that were already on my Mac. Next, the Airport rebooted and was up and running with the old routers SSID, WPA2 key, and such.
No, this isnt intended to be an advertisement for these two Apple products, really. My point is that someone (at Apple) clearly understood the use cases associated with these two devices. Id seen this sort of thing many times with other aspects of software and product configurations, but rarely when it comes to security-related features.
You see, with use case analysis, you create a storyboard describing how the user could/should make use of a product, application, etc. You describe how the process ought to work. Then, you look at each use case and build it into the software design.
Were not talking rocket science here, but applying this process to security features and settings can go a long way to making our users lives easierand more secure at the same time.
Without even trying to do things securely, my Touch and my Airport Extreme are both configured to operate in a secure state. Turning on the secure mode email and Wi-Fi settings didnt even require me to check a single box, press a single button, or any such action. Both products installed securely the first time, because the software designers understood the sort of use case that mattered to me.
When did you last encounter a product that made things that simple to do the secure thing?
My experience is that this sort of thing is all too rare these days, and that shouldnt be the case. We ought to be making things simple and easy to be secure. We shouldnt require our users to know the difference between, say, WPA2 Enterprise, WPA2 Personal, WPA, and WEP. Leave that knowledge to the security techies, and make it easy for the user to make the secure choice.