Saturday, September 03, 2011

Asking For Administrator Passwords.

One of these days I should make a bug report to Apple about how Mac OS X asks for administrator passwords... I have come up with this idea before, but I don't think I have made a bug report of it before.

The problem is that the Mac tells you which process wants the password, but never presents a reason why it wants it. I think developers need to provide the operating system with a reason to report to users before the system allows the developers' software to obtain an administrator password. This will enable users to decide whether or not to grant administrator access.

But of course, the operating system cannot verify these messages without some hefty artificial intelligence and expensive analysis before showing them to users, so it cannot deal with cases where applications lie about their reasons for asking for administrator passwords. While operating systems cannot tell when an application presents inaccurate messages (i.e., lies) for users to reason with, users may pick up on other cues to help them decide whether to trust the application, such as when and in what context a dialogue asking for an administrator password appears, or that the inaccurate messages presented are too unbelievable to be reliable. In either case, relying on human intelligence to trust or not to trust an application with elevated privileges is nothing more than a game of Russian roulette, with possibly disastrous results.

This is a difficult problem to solve because it becomes an experiment in social engineering that is not guaranteed to be successful. So why burden programmers with the responsibility of providing data that the system cannot test before delivering it to users?

Because it is more likely that responsible programmers will provide helpful messages to users in addressing this concern. Programmers who don't provide the messages, or who are discovered to lie about their reasons for requesting elevated privileges, give users cause not to trust their software, which damages the reputation of their products. And that's reason enough for all programmers to have this burden.


—tonza
