August 30th, 2007
It looks like Verisign has answered my prayers. While listening to last week’s Security Now! episode, they revealed that Verisign’s PIP OpenID provider that I blogged about yesterday has the option to use a Verisign security token (which includes the Paypal security token). Here’s how you add it:
1) Log in to Verisign Lab’s OpenID provider PIP:
2) Click on the My Account link on the right side.
3) Click on “Add Credential” under VIP Credential:

4) Enter the ID on the back of the security token and the current security code from the screen:

5) And you’re done:


On Security Now!, Steve said that you can register up to three security tokens per OpenID in case you misplace one or one dies or you want to keep one at home and one at work (even though that inherently makes it less secure), but I don’t see this option on the Verisign site. However, you can also get a crazy cool red Verisign security token or use your Sandisk U3 flash drive (coincidentally, I just uninstalled U3 from mine) from Verisign’s site (once you’ve logged in):


…so now wherever you go that uses OpenID, you can be assured that via two-factor authentication your OpenID will only be used by you.
August 28th, 2007
I’ve talked about how I want OpenID to be my one authentication provider. One account with them and that’s it. I thought I should go over how it works, so…

Here’s how it works
1) You go to a site that supports OpenID authentication:

2) You enter your OpenID URL or XRI:

3) You are sent to *your* OpenID provider. This is the provider specified by your OpenID ID. Usually, it’s in the ID itself: claimid.com/xxx, xxx.pip.verisignlabs.com, etc. The provider is not at all specified by the site you’re currently at, since that is pretty much the point of OpenID: you can use any provider you want… even your own.
4) The OpenID provider can do what they want now. If you’re already logged in, they can simply ask you if you want to log in to and/or trust the originating site, or they may need to ask for additional information to send to the originating site, or they may simply redirect you back to the originating site, since you’re already logged in. However, if you’re not logged in, they may allow you to log in right there:

or they may force you to intentionally go to their page to log in first:

The point is that it’s up to the provider to make that choice.
5) If you successfully logged into your OpenID provider, a cookie is saved on your computer that records that you’re logged into your OpenID provider.
6) You are then redirected back to the originating site.
Now that you’re logged into your OpenID account, any future use of OpenID on any other sites from that computer won’t ask you to login.
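The redirect to *your* provider, seen from the originating site's side, as an added example that is not part of the original post: the site reads the provider endpoint from the page behind the ID you typed (OpenID 2.0 HTML discovery) and builds the `checkid_setup` redirect. The host names and sample page are constructed, and the HTTPS-only rule is a hardening choice made here, not a protocol requirement.

```python
from html.parser import HTMLParser
from urllib.parse import urlencode, urlsplit

OPENID2_NS = "http://specs.openid.net/auth/2.0"

# Constructed sample: the HTML served at the user's own ID URL. It delegates
# to a provider of the user's choosing; the relying site has no say in this.
SAMPLE_IDENTITY_PAGE = """<html><head>
<link rel="openid2.provider" href="https://provider.example/server">
<link rel="openid2.local_id" href="https://alice.provider.example/">
</head><body>my blog</body></html>"""


class LinkFinder(HTMLParser):
    """Collects rel -> href from <link> tags on the identity page."""

    def __init__(self):
        super().__init__()
        self.links = {}

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        attr = dict(attrs)
        for rel in (attr.get("rel") or "").lower().split():
            if attr.get("href"):
                self.links.setdefault(rel, attr["href"])


def discover(identity_html):
    """Return (provider_endpoint, local_id) advertised by the user's page."""
    finder = LinkFinder()
    finder.feed(identity_html)
    endpoint = finder.links.get("openid2.provider")
    if not endpoint:
        raise ValueError("identity page advertises no OpenID provider")
    # Hardening choice (assumption of this example): never send the user
    # to a provider endpoint over plain HTTP.
    if urlsplit(endpoint).scheme != "https":
        raise ValueError("refusing non-HTTPS provider endpoint")
    return endpoint, finder.links.get("openid2.local_id")


def build_login_redirect(claimed_id, identity_html, return_to, realm):
    """URL the originating site redirects the browser to (step 3)."""
    endpoint, local_id = discover(identity_html)
    # Simplified realm check: the provider shows the realm to the user, so
    # the return address must sit inside it.
    if not return_to.startswith(realm):
        raise ValueError("return_to must sit inside the realm")
    params = {
        "openid.ns": OPENID2_NS,
        "openid.mode": "checkid_setup",
        "openid.claimed_id": claimed_id,
        "openid.identity": local_id or claimed_id,
        "openid.return_to": return_to,
        "openid.realm": realm,
    }
    sep = "&" if urlsplit(endpoint).query else "?"
    return endpoint + sep + urlencode(params)
```

When the browser comes back in the last step, the site still has to verify the provider's signed response before treating the user as logged in; that check is outside this example.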

OpenID Providers and Supporting Sites
First, you need to sign up with an OpenID provider. Some are paid. Some are free. I use ClaimID, a free OpenID provider, and my blog’s domain which uses WordPress as the OpenID provider. Verisign has a free OpenID provider as well. The form of the ID created by these services can vary, although they’re generally of the form <ID>.<OpenIDDomain> or <OpenIDDomain>/<ID>. And although it’s definitely not a standard yet, there are more and more sites that support OpenID. However, it is still a little problematic since it can prove you own the ID you claim to own, but it doesn’t necessarily guarantee that you are who you say you are.
August 26th, 2007
I hate it when Windows applications use non-standard Windows UI and conventions. Sure it may be good for brand recognition of the company but it’s not good for overall user experience. Let me explain…

Inactive Window Focus
With iTunes, if the mouse is hovering over a button but the focus is on a different app and not on iTunes, the button in iTunes does not get highlighted. Even if you click the button, the button does not press… you have to click it once more to actually press the button, because the first click just sets the focus to the app. It’s standard Windows convention that if you have the focus on App A and you move your mouse onto a button in App B, the button in App B will still highlight.

Then if you click the mouse, App B will take focus *and* the button in App B will be pressed.

And it turns out that the reason iTunes does this is because when iTunes loses focus, it disables all its controls! I don’t know if this is an Apple thing or what, but I’ve never seen this before and for good reason… it’s not user friendly… at all. And isn’t Apple known for their usability and their great designs? Either way, this is not standard Windows application behavior and is unacceptable.



Active Window Focus
As for another strange behavior, iTunes doesn’t show focus rectangles or highlighting around focused buttons at all (except for the eject button next to each device strangely enough) and that’s a real problem. Whenever I click on the eject button next to my iPod device, I’m never really sure if it was pressed or not. I just have to wait and see if the iPod ejects, if I get an error, or if my internal timer times out and then I try again.

At the very least Apple could show an hourglass here so that you definitively know whether the button was pressed and an operation is taking place. Since there’s no user confirmation or notification, the user is left there wondering if their click took or not. All they need to do are a couple of simple things: show us a progress dialog and visually depress the button when it’s clicked… now that would be the bees’ knees.

List Searching
In addition to focus issues, the lists in the music library do real-time search-as-you-type behavior using the last character typed. Most Windows applications use the last word/partial-word typed. Applications get this behavior free when they derive the list from a standard list base class. Because of this, many applications have this version of the feature and I’ve come to expect it. iTunes does not. Like most of iTunes, it’s not using standard Windows controls and therefore doesn’t get this behavior free. This doesn’t mean they’re off the hook for not implementing it, it simply means it isn’t available to the user automatically.


What all this comes down to…
…is that if you want your application to run on Windows, you need to realize that your users will be expecting Windows conventions. Not implementing your application according to these conventions just leaves your users confused and frustrated. I said it at the top and I’ll say it again… If you’re gonna be a Windows app, act like a Windows app.
August 23rd, 2007
I’ve been talking recently about using TrueCrypt to encrypt your backups to keep them secure while they’re at your off-site backup or wherever they are. So I decided to do a little how-to on doing exactly that. Here we go:
First we need to create the template files. There are no arguments in TrueCrypt to create new volumes from the command line, so we need to pre-create them.
1. Click the “Create New Volume…” menu item:

2. Choose the standard volume:

3. Choose the location of the new volume:

4. Choose the encryption algorithm (the default, AES, should be ok):

5. Choose the size you want for the volume. You won’t be able to change the size of the volume after it’s created, so make sure you have enough room for the stuff you want to store in here:

6. Choose a password. TrueCrypt really recommends a password with at least 20 characters and then if you add in special characters and mixed case, all the better:

7. Create it!

8. Badda boom! Badda bing!

Now you have a TrueCrypt volume file ready to put stuff into. I use one TrueCrypt volume file for each of my main folders:

Recently I wrote a batch file that will make a copy of this TrueCrypt file you just created (so you can use it as a blank template file for all further backups), mount the file, copy in the contents of a folder, dismount the file, and then archive the file to some location if you so choose. You can download it here.
Let me know if you use it and it’s awesome. Let me know if you’ve tried it and it sucked. Let me know if you just don’t care. Whatever. It’s all good. But if you really want to be slick, you should set up a task in Windows Task Scheduler to automatically archive using the script. Pimp.
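The sequence described above (copy the blank template, mount, copy a folder in, dismount, archive), as an added example in Python; it is not the batch file offered in the original post. It assumes TrueCrypt for Windows and its `/v`, `/l`, `/q`, `/d` and `/s` switches; the install path, drive letter and file names are placeholders.

```python
import shutil
import subprocess
from pathlib import Path

# Assumed install location; adjust for your machine.
TRUECRYPT = r"C:\Program Files\TrueCrypt\TrueCrypt.exe"


def mount_cmd(volume, letter):
    # Deliberately no /p switch: TrueCrypt prompts for the password, so it
    # never sits in the script or in the process command line.
    return [TRUECRYPT, "/v", str(volume), "/l", letter, "/q"]


def dismount_cmd(letter):
    return [TRUECRYPT, "/d", letter, "/q", "/s"]


def backup(template, source, workdir, letter="T", archive_dir=None,
           run=subprocess.check_call, mount_root=None):
    """Copy template -> mount -> copy source in -> dismount -> archive.

    `run` and `mount_root` are hooks added for this example so the flow
    can be exercised without TrueCrypt installed.
    """
    template, source, workdir = Path(template), Path(source), Path(workdir)
    volume = workdir / (source.name + ".tc")
    # Start every backup from a fresh copy of the blank template volume.
    shutil.copyfile(template, volume)

    root = Path(mount_root) if mount_root else Path(letter + ":\\")
    run(mount_cmd(volume, letter))
    if not root.exists():
        # Wrong password or cancelled prompt: do not copy plaintext anywhere.
        raise RuntimeError("volume did not mount at " + str(root))
    try:
        shutil.copytree(source, root / source.name)
    finally:
        # Always dismount, even if the copy failed, so the decrypted view
        # of the volume is not left available.
        run(dismount_cmd(letter))

    if archive_dir:
        # Only the encrypted container ever leaves the machine.
        return Path(shutil.copy2(volume, archive_dir))
    return volume


if __name__ == "__main__":
    # Placeholder paths for illustration.
    print(backup(r"C:\Backup\blank.tc", r"N:\Documents", r"C:\Backup\work",
                 archive_dir=r"E:\Offsite"))
```

Because the password is prompted for rather than passed with `/p`, this version needs someone at the keyboard when it runs.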
August 21st, 2007
Scott Hanselman recently blogged about backups. Jeff Atwood recently blogged about security. Often times those things go hand-in-hand. So here’s how I do things:
- I use TrueCrypt to encrypt my flash drive as well as other important data. TrueCrypt is easy to use, secure and free. There’s no reason not to use it.
- I don’t run as administrator… most of the time. After installing TrueCrypt, I can use my TrueCrypt Traveller disk as a non-privileged user and it works fine. The only machine that I still run as an admin is my Snapstream Beyond TV box, but I rarely get on the console to do anything anyway. All the rest of my machines are running with non-privileged accounts.
- I use the NoScript Firefox plugin. This is a whitelist/blacklist style plugin so any sites I haven’t explicitly allowed don’t get to run their scripts. And we all know how bad scripting is now.
- My household stores all our data in one NAS device. We don’t have some data here and some data there. It’s all on the NAS. This is really convenient when reformatting any of the PCs since I don’t need to save off any data first. Also, when backing up I just need to backup this one device and I’m done.
- I store my backups off-site. I have an external USB hard drive that I bring home once every couple months. I put the data into a handful of TrueCrypt volume files, copy it to the drive, then bring it back to work.
- I don’t use Anti-virus. It’s slow, it barely works and when it does work, it’s only for known viruses. But when I do need to scan something I just upload it into a new mail in Yahoo as an attachment and Yahoo scans it for me. Bam, virus scanner on demand.
- I don’t use virtual machines. Not because I don’t want to, but because you need to buy an additional license for your OS to use it in a VM. This may not be an issue for you open source guys, but it is for us who use Windows… and it ain’t cheap.
So there’s my grand strategy. What’s yours?
August 21st, 2007
I recently posted on when you should and should not use ellipses on buttons. Well, I forgot to consider one more case: launching external applications:

In the case of the dialog above, the “More Smart Tags…” button launches a web browser and brings you to the Smart Tags page on the Microsoft Office site. In my previous post, I would have considered this to be an action button rather than a sub-dialog button and would therefore not use an ellipsis, but Microsoft seemingly disagrees. So what is the correct thing to do here?
In Microsoft’s Windows Vista User Experience Guidelines article on Command Buttons, they state:
Indicate a command that needs additional information (including confirmation) by adding an ellipsis at the end of the button label.
I mostly agree with that (except for the part on confirmation (I consider that part of the action itself)). So commands that need additional information (read sub-dialogs) need an ellipsis on the label. Good.
But then this:
This doesn’t mean you should use an ellipsis whenever an action displays another window—only when additional information is required to perform the action. Consequently, any command button whose implied verb is show another window doesn’t take an ellipsis…
So buttons or menus like “About” and “Options” shouldn’t have a trailing ellipsis. I could almost go along with that except that:
- it’s inconsistent to have some sub-dialog commands have the ellipsis and some not
- verbs on commands may not be obvious in what they imply
- the users now need to interpret the meaning of the command and whether it will lead to an immediate action or a sub-dialog.
Do we really want to leave this up to the users to decipher this algorithm of how ellipses work or do we want to use a nice, consistent, unambiguous standard?
So back to the original question of whether external application buttons should have an ellipsis. If we break down what the “More Smart Tags…” button actually does, it’s more of a Go-to-Smart-Tags-webpage button. It doesn’t bring up a sub-dialog in our application; it performs an action. It’s an action button. If it was difficult for the user to distinguish between the launching application and the launched application, that might be a different story, but nowadays who doesn’t know what a web browser is? So if we redesigned the AutoCorrect dialog, we’d probably have something more like this:

Ah, much better. All three buttons perform some action and now they all look similar too and that’s a good thing. No more interpretation. No more deciphering. Everything’s clear at a glance.
We want our applications to be unambiguous. We want our applications to be inviting. We want our applications to be fun. So, as Microsoft says, if we do our jobs right then:
The visual cue offered by an ellipsis allows users to explore your software without fear.
And with my suggestion above maybe we could even add: “and without confusion.”
August 20th, 2007
TrueCrypt is an open-source encryption program that lets you encrypt collections of files into a TrueCrypt volume or lets you encrypt your whole USB flash drive. You can even set it up to leave no traces or hint of TrueCrypt for some nice plausible deniability.
I currently use it to split my 4GB flash drive into a 2GB TrueCrypt volume to store my financial data, code and other stuff I don’t want other people’s mitts on and then I leave the other 2GB unencrypted for things such as videos and other files that I don’t want to have to force through TrueCrypt’s on-the-fly decrypter.
When I plug in my flash drive, TrueCrypt auto starts:

…and then asks for my password:

Then it’ll mount your TrueCrypt volume as another drive on your computer:

After that, you can use it the exact same way you would any other drive. Everything you do on this newly mounted drive (note: T is the encrypted virtual drive and H is the USB flash drive in this case) is actually run through TrueCrypt and encrypted/decrypted on-the-fly before being read from/written back to your TrueCrypt (*.tc) file.
This allows you to do some other cool things such as:
- Put all your data into a TrueCrypt volume before backing up and storing off-site. Maybe even with some batch file goodness.
- Safely use a service like Mozy so that your data won’t be super exposed when travelling over the world wide web.
- Deny any involvement when the KGB has you and your flash drive and is about to start pulling teeth.
And coincidentally I’ve done all of those…
August 19th, 2007
I’ve blogged about how important consistency is. Well, here is yet another case:
If a button takes you to another dialog, put an ellipsis on it:

If a button simply performs an action, no ellipsis:

Just save those glorious ellipses for when they’ll be needed again. And if a message box is required to confirm the action, no big deal. The main point of clicking that button is performing the action.
But what I find vomitous is how often applications get this wrong or are just plain inconsistent about when they do it and when they don’t… even on the same dialog:

So I beg you, I plead with you. Watch your ellipses!
…
August 19th, 2007
When do you use the ‘OK’ button and when do you use ‘Close’? Does one imply something that the other does not? Since changes to the current dialog aren’t saved until you click the ‘OK’ button in the OK/Cancel button methodology, does the same hold true for a single OK button?

What about the ‘Close’ button? Are changes not saved until you click ‘Close’ or have changes been constantly saved the whole time?

What’s worse is when you start considering the red x button in the title bar. If the dialog only has a close button, you can reasonably assume that it does the same thing as the ‘Close’ button. But what about when it has an ‘OK’ button? Does the red x act as the missing ‘Cancel’ button, or is the red x just another ‘OK’ button then?
What a mess.
Let’s start by reviewing some examples. Here’s a dialog that lists the restricted sites in IE:

You can add and remove URLs to and from the list. Easy enough. You presumably click ‘Close’ and then the list starts being used by IE. Presumably. I could test it to make sure, but that’s the point. I don’t know for sure.
Next, let’s look at the dialog I used as the OK dialog example:

This dialog is pretty similar to the one we just reviewed. You can add and remove URLs to and from the list, but in this case you also specify if they should be allowed or blocked. Still not that hard. However, in this case you click ‘OK’ when you’re done. Since I’m an experienced Windows user, I know that my changes aren’t saved until I click ‘OK’. However, usually there’s a ‘Cancel’ next to it. Hm… I’m a little confused, but I’m still thinking that my changes aren’t saved until I click ‘OK’.
So in the first example, I (the user) had to guess what the ‘Close’ button did and in the second example I assumed what it did. However, in both I didn’t know for sure.
We never want users to have to guess how our dialogs work. It should be blatantly obvious. If that’s difficult or even impossible to do, at the very least make the dialogs in your application behave and look consistent. That’s the number one thing I preach to others and try to do myself.
But back to the point at hand…
Here’s a third example. In this dialog, you can import, export and completely remove certificates from your system:

If you the user are not familiar with how certificates work, you may assume that you can import, remove, import, import, import all you want and nothing actually happens until you click that ‘Close’ button. Oh, how mistaken you would be. After you click the ‘Import’ button and finish importing a certificate, it’s on your system, baby. IE isn’t waiting for you to click that ‘Close’ button. It doesn’t care. That certificate is imported.
So now we have two dialogs that don’t save changes until you finish your work, and one dialog that saves changes the whole time…
…and they’re not sticking to any convention.
The first and third dialogs use a ‘Close’ button and the second dialog uses an ‘OK’ button. So here is what I propose to you: You should always use ‘Close’ when there’s no option to cancel. ‘Close’ simply means that: close the dialog in its current state. Don’t revert anything. Don’t make any other changes. I’m satisfied with how things look in the dialog right now. Clicking the red x isn’t a secret cancel shortcut. It just closes the dialog as well.
It may still be a little unclear if the dialog uses an immediate commit model where saving is done immediately throughout interaction with the dialog or if it uses a delayed commit model only when you click the ‘Close’ button, but now there’s at least one less thing the users have to deal with. Maybe we can tackle that problem in the future.
But anyway, all that is just my opinion…
…when do you use ‘OK’ and when do you use ‘Close’?
August 16th, 2007
From SecretGeek.net:
You do not have to comply to every standard, achieve the perfect balance between maintainability and performance. Usability and familiarity.
How true. Maintainability often means better organized, more object-oriented (in most cases) and more abstracted code which in almost every case means slower code. But how about his second point…
Usability vs Familiarity
Are these two really competing objectives? Let’s break it down. Familiarity in applications is when a user has seen a concept in the past and therefore is more comfortable with it. Usability in applications is based on how well the user can use the product. That may include prior experience and training or may not.
So can an application be both usable and familiar? Of course it can! But can that be difficult to achieve? Of course it can! Let’s dive into some examples…
Familiar, Not Usable
There are many examples of familiar, but not very usable applications. Microsoft Word has been around for 25 years now. Everyone knows how to use it:

You type text. You select text. You hunt through every menu until you find the option you want. After 25 years of bloat and feature creep, it became a little unbearable:

Usable, Not Familiar
That’s what led to the design of the ribbon:

Of course the ribbon is at this point in time an example of an unfamiliar, but very usable concept. At first glance of the ribbon, I pretty much had no idea what to do, and I’m sure I wasn’t the only one. However, one great feature of the ribbon is that it’s discoverable. After a little playing around, you totally get it.
Familiar AND Usable
And here’s what’s great about it: in the not-too-distant future, for most people the ribbon will be both usable and familiar, which is the goal of UI design. Where I work, we’ve already started throwing around the idea of using the ribbon. It’s simply a great concept whose time has finally come. Dealing with thousands of options can be pretty agonizing, but having a tool like this to easily group and dynamically resize the groupings when the application itself resizes will be a boon to my group.
However, the ribbon won’t solve all of our UI woes. So if it took Microsoft 25 years to finally get to a good interface…
…what chance do we have?