I'm sure this has been considered before but I just wanted to put my thoughts out and try to improve the user experience.
I bought a Neo some time ago and it has taken me quite a while to figure out how my Neo works and become comfortable using it. This is largely because I just wasn't familiar with the technology when I first bought it, but the administration workflow could definitely be improved without compromising any other interests. I configured my key on Windows with the GUI but I assume (read "hope") the utilities are the same, or at least similar, on other platforms and that configuration is fully scriptable from the CLI.
Three problems:
- I think that the administration logic for the YubiKey Neo might actually be fairly intuitive for people who are already familiar with the technology and security concepts, but I was not one of those people. After reading through the "start" page, skimming my product's user manual, and reading at least a dozen tutorials and descriptions for specific use cases, I was still finding new information about my product. How the slots work, the different modes, the relationship between PIV and CCID, how NFC works, RADIUS integration, etc. It seems as though all of this information is organised into a few logical groups, like the site's "developers" section as contrasted to the "knowledge base" articles. I had to read through practically everything just to figure out how the YubiKey works in general. This isn't a huge problem but something to be aware of as more information is added and the website expands. I didn't even know there was a user manual until I spent days looking through old knowledge base articles...
- The main problem I encountered was actually what cleared everything up for me: the software utilities. Looking through the software interfaces really helped solidify the information for me, like a hands-on tutorial, but this was at least a week after I actually got my YubiKey. Admittedly, I didn't have a whole lot of time to figure things out, but the problem is that I couldn't find all of the software! Currently, I have installed the following:
  - YubiKey Manager 0.3.0
  - YubiKey Personalization GUI 3.1.24
  - YubiOath Desktop 3.1.0
  - YubiKey PIV Manager 1.4.1
  - Gpg4win 2.3.3
I know there is more software that I either could not find or did not need. I am not sure that I have the most recent versions of any of the Yubico software. All of this software came from different places (i.e. the links were on unrelated pages) and I learned that it existed from different places (mostly knowledge base articles, developer section info, and third-party blogs) while trying to figure everything out. This is obviously a mess. I do appreciate the modular nature of having separate applications/utilities but there should be a central registry so people know (1) what's available, (2) what versions they should be using, (3) what the signatures/checksums should be, and (4) what exactly these programs can/cannot do.
- The logic inside of these programs is also problematic. They are quite simple and seem to include all the appropriate features but I believe there are two specific problems in terms of user experience:
  - The programs don't explain the settings well enough for those of us who aren't security experts. The tutorials on the Yubico website are nice and clear, so this is probably fine for now, but please consider adding tool-tips or a thin element at the bottom of the GUI to display tool info on cursor hover. There are currently informational buttons (only) in the Personalization Tool, but they do not provide enough information to explain the significance of their subjects; they seem to be more targeted toward explaining the specific cryptographic capabilities of the YubiKey. I definitely recommend expanding this information to account for less technical users, since it wouldn't be difficult and it wouldn't get in the way. Put the short, technical description up front and then begin a more general description for users like myself. People who understand the basics wouldn't need to read it.
  - Some of the programs allow for passwords, PINs, and PUKs, as well as management credentials. I have figured out what all of these do and how they differ, but it is very unintuitive to new users. Some of these fields do not give any explanation and require web research; many of these fields only apply within the scope of their specific software utility and have no relation to the YubiKey itself or any of the other utility programs. This was not a problem for me, but it could easily cause problems for users who do not take the time to read everything carefully and document their configurations thoroughly. I imagine the current state is a result of software being added to support new features, which might not be available on all YubiKey models. Again, simple tool-tips or informational buttons would definitely improve the situation.
Again, this was just my experience but I hope my feedback is useful. I would like to see Yubico expand and proliferate secure computing across the consumer and small business markets. Questions and comments welcome.