It's interesting to see the security decisions companies make. Some value security over usability, which can do more harm than good.
Two examples...
Example one: forcing users to manually type their password
A bank I use does not allow me to autofill my password when I log in. I have to manually type it. That's right, I can't even copy and paste. I have never seen this before.
As you probably know, it's good security practice to have a unique password per account. To do that you need a password manager, as you can't possibly remember them all. If you're using a password manager, it's good practice to generate strong passwords that are long, mixed-case alphanumeric and contain special characters.
Instead, this bank is likely making users pick weaker passwords so they don't have to jump through hoops to type out complex ones. It's insane!
The funny thing about this whole situation was that when I first set up my account I didn't realize it was erroring because it wasn't accepting my autofill. There was no notice about that; it just said my login failed. I thought my password was somehow wrong, so I called the bank to reset it. If that's not poor user experience, I don't know what is.
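The post doesn't say how the bank's login page blocks autofill and paste, so the following is an added illustration, not the bank's code. It assumes the two most common mechanisms: opting the field out of autofill with autocomplete="off" and swallowing the paste event. The second form shows the same login without those blockers, using the HTML standard's autofill field names so a password manager can fill a long random password in one click. The console snippet at the end is a quick check for the inline-attribute variant only; handlers attached with addEventListener won't show up in it.

```html
<!-- Added example (hypothetical form), not the bank's code:
     a login form that defeats password managers. -->
<form id="login-blocked" action="/login" method="post">
  <!-- autocomplete="off" asks browsers and password managers not to fill
       the field. Browsers increasingly ignore it for login fields, but
       several managers still honour it. -->
  <!-- onpaste/ondrop returning false cancel the event, so Ctrl+V does
       nothing: the user sees an empty field and then "login failed",
       with no hint that pasting was refused. -->
  <input type="text" name="username" autocomplete="off">
  <input type="password" name="password" autocomplete="off"
         onpaste="return false" ondrop="return false">
  <button type="submit">Log in</button>
</form>

<!-- The same form with the blockers removed. The autocomplete tokens
     "username" and "current-password" are the standard autofill field
     names, so a manager knows exactly which field is which. -->
<form id="login-fixed" action="/login" method="post">
  <input type="text" name="username" autocomplete="username">
  <input type="password" name="password" autocomplete="current-password">
  <button type="submit">Log in</button>
</form>

<script>
  // Quick check from the browser console on any login page:
  // list password fields that opt out of autofill or refuse paste
  // via inline attributes.
  document.querySelectorAll('input[type=password]').forEach(function (el) {
    console.log(
      el.name || el.id || '(unnamed)',
      'autocomplete=' + (el.getAttribute('autocomplete') || '(unset)'),
      'onpaste=' + (el.getAttribute('onpaste') || '(none)')
    );
  });
</script>
```

Removing the paste handler costs nothing security-wise: an attacker who can read the clipboard or the DOM can read the typed password just as easily, while the only party the handler reliably stops is the password manager.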
Example two: forcing users to manually type in their credit card number
An insurance company I use requires users to manually type in their credit card number to add payment details, even after they have authenticated to the platform.
Not as inconvenient as the first example but worth mentioning.
Why?
I stop and wonder…
Is this so-called "increased security" really all that better?
Is it worth reducing the customer experience?
Why don’t security frameworks or other companies follow these principles?
Who thought these were good decisions?
To me, these are decisions that go too far in the security direction and create a worse experience for customers.