Comment by novok

Security is often an excuse to block other teams to do legitimate work and so often it's fairly braindead. Security IMO needs to get it's act together, passkeys is a great example of security gone wrong from a UX design perspective because you can't hold them to the same standards as product or infra teams, they have the special privilege of breaking things and it increasing their metrics.

Tell them to make a better UX and they lose their minds in a huffy puff of fake crisis mode or get avoidant with stonewalling 'secret security stuff' that you can't hold them to account for. Or eat 50% of developer machine performance for "endpoint security" and the carnival of sadness goes on and on.

Signal is an example of security as a product that was actually designed for user UX in mind to give one example.