Who (Designer or User) Should be Resposible for the Correct/Secure Usage of a Tool Intended for Developers/Admins?

There is a healthy debate around a series of stack overflow posts that refer to the "RunAs" command. Specifically the discussion is in reference to design decision that the folks at Microsoft made a long time ago, to users of this command to enter the users password in one specific way, Raymond Chen accurately summarizes one side of the argument quite clearly:

The RunAs program demands that you type the password manually. Why doesn’t it accept a password on the command line?

This was a conscious decision. If it were possible to pass the password on the command line, people would start embedding passwords into batch files and logon scripts, which is laughably insecure.

In other words, the feature is missing to remove the temptation to use the feature insecurely.

If this offends you and you want to be insecure and pass the password on the command line anyway (for everyone to see in the command window title bar), you can write your own program that calls the CreateProcessWithLogonW function.

I’m doing exactly what is being suggested in the last line of Raymond’s comment, implementing my own (C#) version of this application that complete circumvents this restriction. There are also many others who have done this as well. I find this all quite irritating and agree with sentiment expressed by @AndrejaDjokovic who states:

Which is completely defeating. It is a really tiresome that idea of "security" is invoked by software designers who are trying to be smarter than the user. If the user wants to embed the password, then that is their prerogative. Instead all of us coming across this link are going to go and search other ways to utilize SUDO equivalent in windows through other unsavory means, bending the rules and wasting times. Instead of having one batch file vulnerable, i am going to sendup reducing overall security on the machine to get "sudo" to work. Design should never smarter than the user. You fail!

Now while I agree with the sentiment expressed by Microsoft and their concern with "embedding passwords into batch files" (I personally have seen poor practice myself way too many times), it really does strike me as wrong what Microsoft has done here. In my specific example I’m still following best practices and my script won’t store credentials, however I’m forced to resort to a workaround like everybody else.

This decision really follows a common pattern at Microsoft of applications acting in ways that are contrary to the needs of the specific users with the intention of "helping" the users by preventing them from completing a action that is viewed as unfavorable. Then obfuscating or purposely making the implementation of workarounds more difficult.

This leads us to a broader question, extremely relevant to this issue, who is the true responsible party when it comes to security around credentials, the user of the software or the designer of the software? Obviously both parties hold some responsibility, but where is the dividing line?

When you create tools for other developers should you seek to the best of your ability to prevent them from using your application in an insecure manner, or do you only need to be concerned about the application itself and whether it’s secure internally (irregardless to how the user invokes it)? If you are concerned about "how" they are using your application, to what extent do you need validate their usage (example: should "RunAs" fail if the system is not fully "up to date" i.e. insecure in another way), if that example seems far fetched, then define that line, in the case of "RunAs" the intention is quite clear, the developers who created it are not only concerned about managing credentials securely internally with their application but also care deeply about the security implications of how you use it. Was their decision correct in validating the usage in this case, and if so/or not where should that dividing line be for the applications that are created in the future?

We are the Best Website Designer in Miami

We take pride an exceptional amount of pride in the quality of the work that we do. The size and scope of the project does not matter. Every job is handled with a high amount of care and professionalism, to ensure that we create some of the best quality websites on the market.Our focus remains on creating high quality websites to meet the demands and requirements of our customers, and because of the care that we take in ensuring that all sites are created to meet the exacting standards, we continue to attract more clients regularly.

Our continuous design process includes multiple revisions, that are implemented within 24 hrs. We will rework your site so that you are satisfied. It is an impressive open source blogging platform that has gained immense popularity in the field of website development due to its out-of-the-box features and ease of use. At wordpress development services miami involved in extending the functionalities.

We have designed hundreds of websites in almost every business imaginable, as we have been in the business for almost two decades, and it is easy for us to understand your needs and translate them into a functioning website.

Is it crucial for a UX designer to learn the principles of Object Oriented Programming?

As a designer and sometimes coder myself, I have been exposed to the idea and principles behind Object Oriented Programming, and having a knowledge in this area definitely helps when it comes to conceptualizing screens for proposed software applications. Developers would immediately get the gist of the screens.

I’m curious though if the knowledge of a designer of OOP would have a big impact when it comes to User Experience Design? What kind of scenarios would it be a huge factor in the effectiveness of a design? Are there any instances where it is?

Is it crucial for a UX designer to learn the principles of Object Oriented Programming?

As a designer and sometimes coder myself, I have been exposed to the idea and principles behind Object Oriented Programming, and having a knowledge in this area definitely helps when it comes to conceptualizing screens for proposed software applications. Developers would immediately get the gist of the screens.

I’m curious though if the knowledge of a designer of OOP would have a big impact when it comes to User Experience Design? What kind of scenarios would it be a huge factor in the effectiveness of a design? Are there any instances where it is?

Sharepoint Designer 2013 authentication problems

My company uses O365 SharePoint sites that I would like to be able to edit using SharePoint Designer 2013, however I am experiencing some problems making it work. I open SharePoint Designer 2013 and I go to Account and click on Add a service, then storage and select the option for Office 365 SharePoint. I am then asked for my email address, which I provide. The next screen asks for my password, which again I provide. Once that is done I see that 2 services are added, OneDrive – My company name and Sites – My company name. Both these entries state that to connect I’ll need to provide my user name and password. So I click on the connect button and it brings up a sign in window, already populated with my email address as the user ID. When I enter the password and click Sign in it fails with a pop up error message saying “The username or password for Sites – My company name isn’t correct. Please try again”

I know the password is correct, and I’m not the only user experiencing this exact same problem. Can anyone explain why this would be and how to fix it?