Improving Linksys' Security Dialogs
Or, "How to Save Linksys $25 Million in Support
Costs and Save the World Along the Way" January 1, 2005
In May of 2004, I embarked on an odyssey
to install wireless networking at home and reported
on the continuing and utter failure of the software industry
to correct its evil ways. Seven months later, with my blood
pressure nearly returned to normal, my doctor has finally OK'd
me to work again on my computer. In celebration, I will
attempt to implement a single security feature on my network.
The usability implications? Well, let's just say that wireless
networking is not the place to look for good news.
The feature I will activate is called MAC filtering. It lets
you ensure that only certain computers, ones you identify by
hardware serial numbers, can access your wireless network.
I want to activate
it because everything I read cautions that the vast majority
of home networkers implement only the default security and
this is a dangerous state of affairs.
(Before we get too far, I emphasize for the benefit of the
uninitiated, that though sometimes dense, I am not dumb.
I can solve cryptograms without a writing implement, taught
myself 6502 assembler programming, rebuilt a car engine with
little more than a butter knife, and happened to have installed
about 100 multi-user computer systems in the days when you
had to wire stuff yourself. Now with those capabilities,
a single network option should be possible, right?)
Those who issue these
cautions also seem to be surprised that users could be so
careless. They must wonder, is it because users like living
dangerously? Or because users just don't understand the
risk? Well, did the finger-waggers ever consider that turning
on such a simple feature might be the hardest god-damned thing
to do in your entire life(?)... that it might never occur in
the average installation because:
- ... the documentation is really,
really bad. It repeats every
mistake made in software documentation since the dawn
- It provides a monolithic PDF document instead of
- The monolithic PDF document provides not answers
or procedures but reams of reference-wise descriptions
of the things one already sees on the screen. This is
the most predominant of ALL DOCUMENTATION FAILURES throughout
the entire industry, mistaking gibberish (fluff, actually)
for authentic value.
- The descriptions are all circular
references built on terms meaningful only to those
who don't need
information in the first place.
- The reference information fails to direct
the user to the useful procedures, those either buried
on the website as "FAQs" or incidentally shoveled into
- The documention completely ignores the issue that the
addresses you need are actually those of the network
cards, not the MAC Addresses shown on your remote computers'
- Not until
you get to the procedure, buried in the FAQs, do you
the required addresses for you. Having been frustrated
by using the wrong address, I even resorted to opening
my remote computer (!) to see if it had a different identifying
number on the wireless card.
- ... the software interface sucks even worse,
repeating every mistake made in user interface design since
- It uses industry nicknames ("MAC Filtering")
instead of descriptive labeling. The goal of user interface
design is to eliminate the need for training (Bellis's
Law). If anyone thinks the industry nicknames are important,
make "Expert Wording" a non-default option. It's 2005
for crying out loud.
- It uses inaccurate wording that exactly matches items
you see prominently elsewhere in the interface ("MAC
yet these are not the items you need to supply. (You
need to find "physical addresses.)
- For complex functions it uses terse labels (lacking
critical noun/verb combinations), so they fail to accurately
identify the critical action they
The button, "Wireless
Client MAC List" actually opens a panel that automatically
identifies the MAC addresses on your network.
- It uses function cues that fail to accurately indicate
the nature of what they afford. Notice in the image below,
the "More..." link. It leads to their Help info, yet
it looks like it could lead to functionality. That's
if you notice it at all. The menu items are OK without
underlines or buttons because the user expects them to
navigate... but the More link is almost hidden.
- It mixes up methods for labeling the secondary navigation
and page names. As a newcomer trying to unravel the wireless
world, you have to really study the left nav and section
names on various pages to figure out what the subordination
of options really is. The problem is that the 2nd and
3th levels of groupings are mixed up on various pages.
The sad part is that these problem are almost all fixable
with simple review and rewording. The functionality is awesome.
It's the words that need work. And don't get me wrong... no
one could have designed this interface better on any first
attempt. Anyone's design—mine, yours, Linksys's—needs to be
up from real use. Below are my real-use fixes.
Aside from the bigger, political fixes (hire and use UI/usability
experts, spend the time and money for serious docs), are there
simple common denominators to the UI fixes? Yes:
- Be explicit.
- Be perfectly accurate.
- Embed the instructions right into the interface.
- Strip out parallel words ("wireless").
- Use a noun and verb in function labels.
- Eliminate the decades-old propensity for terse labels,
especially in an infrequently-used beginner's system of complex
- Make sure clickable items show up as such.
- Position controls as close as possible to the items they
control (the upcoming Bellis's Law of Control Proximity).
The Per-Computer Security List
The View/Detect Addresses Page