So security, obviously, and authentication, these are complicated topics, and they are complicated to engineer, they are complicated to explain. But I think, for security to be effective, and maybe this sounds a little too simplistic but bear with me.
For security to be effective, it needs to be used, and for good security practices to be used, they need to be nice, they need to be elegant, they need to be clear.
If you are a security engineer, you are gonna say "who cares about being nice, it needs to be secure", yes! It also needs to be nice! […] You need to understand that being nice is just as important as being secure, because if it's not a nice experience, people are just not gonna care and they are not gonna use it, and they are just gonna click "OK" and they are not gonna know what it means. So, is it really more secure… if it's not nice?