The golden rules of software (part 3 of 3)

Jul 2, 2021


Businesses spent over a trillion dollars on enterprise software and IT services last year, with a healthy forecasted growth fueling an otherwise flat IT market.

You might expect this investment would be producing better and better software, but every day you probably experience the reverse. Cryptic error messages, confusing flows and plain old software crashes seem as inevitable as death and taxes.

But they don’t need to be. The difference between disappointment and software people love to use boils down to just five golden rules.

In previous posts, I discussed the fundamentals of understanding your user and creating a consistent and performant experience. In this final post, we wrap up by balancing the needs of the head (pragmatic security) with the heart (user delight).

Rule №4: Be Secure (Yet Practical)

Data is digital, and digital data is vulnerable. Personal data, corporate secrets — it’s all fair game for cybercriminals. It doesn’t matter how performant or user-centric your software is if it exposes sensitive information for pilfering.

That said, you need to strike a balance. Security is not a yes-no question; rather, it’s a compromise between risk and return. All security creates inconvenience. The question is whether the value of what you’re trying to protect justifies the trouble. If you’re designing a banking site, you can justify almost any amount of security: strong passwords, captchas, two-factor authentication. But should you ask the user to enter a two-factor code to check their gas bill? That’s harder to say.

Sometimes the right move is to loosen up a little. In the early days of the internet, when most people worked on large monitors, leaving a password visible was unthinkable. Developers always made sure it was hidden behind dots as you typed. But with the advent of smartphones, obscuring passwords was often more trouble than it was worth. Tiny touchscreen keyboards made typing mistakes more common and harder to catch when users couldn’t see what they had typed. At the same time, applications were demanding increasingly complicated passwords with numbers, upper and lowercase letters, and special characters, making mistakes even more likely.

Users grew frustrated, and businesses felt the pain, too. At one utility I know of, more than 80% of support calls had to do with username and password complaints. Most of the time, the customer had left the Caps Lock on or was just mistyping one character. As the number of these simple errors increased, so did support costs, giving businesses an incentive to find some middle ground.

The result was the now-familiar “eye” icon, which allows users to reveal the text in the password field, letting them decide how much risk they’re willing to take. They might leave the password obscured on a crowded train, but reveal it at home where the risk of snooping is lower.

There is no simple answer as to how much security an application needs. In the end, you have to be guided by what’s best for users, which once again means understanding who they are, how they’ll be using the product and what sort of balance you can strike between security and convenience.

Rule №5: Be Delightful

Aesthetics matter. Software design doesn’t need to be groundbreaking or conspicuously pretty, but users will notice a dated look or one where it’s clear the developer doesn’t know what arrangement of fonts, colors and shapes appeals to the eye. When you get it wrong, users have a visceral reaction they probably couldn’t explain if you asked them. It’s the way we humans are wired to favor certain visual combinations.

You can design a brilliant navigation layout for an e-commerce site, for example, but if the colors are loud or clashing, the user will be less likely to complete the purchase. This is due to a well-documented phenomenon called the aesthetic-usability effect, in which people perceive pleasing designs to be more usable than displeasing ones. You still have to make your site usable, but users are more likely to stick around and complete the buying process if you pay attention to appearances.

Ugly design hurts more serious applications as well, diminishing users’ confidence and willingness to use the software. The principle that “you catch more flies with honey” applies as well to software as it does to conversation.

In Closing

That’s all there is to it. Every delightful app you’ve ever used has probably followed these five rules. Every slapped-together software monstrosity you’ve ever encountered has likely broken a few.

The reason bad software persists is that, like anything worth doing, adhering to these rules takes work. But if software is truly eating the world, then the quality of that software matters. It’s not just a question of selling more widgets. As we saw in 2018 when poor software design contributed to a nuclear panic in Hawaii, bad software can have world-changing consequences.

If you don’t work for a software company, this might feel like someone else’s problem. But today, just about every bank, utility, retailer, government agency and even nonprofit organization is also a software company. You depend on great software to serve your customers, employees and mission. Life is too short for crappy software. That’s why it’s more important than ever to remember the golden rules.

Originally published at



