In the cybersecurity community, there is the famous AviD’s Rule of Usability that states:
Security at the expense of usability comes at the expense of security.
Even though it is more and more known and applied in the cybersecurity community, I wonder if it’s the case in the UX community.
Hence my question: Are there well-known UX guidelines or recommendations for designing UX that mandate making the most secure choices the easiest choices? Is this the norm, or marginal? Please provide references if possible.
Second related question: Do those UX guidelines or recommendations ban the use of misleading “secure” displays? For example, it is easy to display a padlock icon, or add a statement like “verified by an antivirus” at the end of an email, to fool users into a sense of security, even though malicious actors could add them too (and many do so).