Say someone advocates that we should force 2FA at login time, hurting usability. They have a solid argument: "shouldn't we care about our users' security?" Or say we're trying to decide scope before an upcoming launch, and an accessibility feature is cut out. Someone says: "shouldn't we care about color-blind users?" This is usually my cue to pull out a tongue-in-cheek Israeli saying: *“it’s better to be rich and healthy than sick and poor”*. That is to say: of course! If we can do security without compromising usability, it's a no-brainer! If we can ship the a11y features and stay on schedule, let's do it! But if that's not the case (and it rarely is), then the onus is on the person making the suggestion to articulate the tradeoff and say with conviction "the usability hit is worth it for the extra added security" or "we're better off delaying the launch by X weeks for accessibility". #published 2025-02-08