I’m not sure that usable security is possible. In general, the pattern is that security requires less-than-ideal user experiences. For example, being emailed your password when you forget it would be “nicer” than getting a password-reset link, but requires a breach of server-side best practice; not having to use a password at all would of course be the very easiest and least secure “solution” for authentication; the most secure measures require two-factor authentication and are necessarily the most annoying.
The observation of this pattern is perhaps obvious, but important.