By Larry J. Hughes, Jr. (larry.hughes@infosecintrospect.com)

I recently purchased a home safe by Sentry. I have no illusions about it being theft-proof. I mainly want something reasonably childproof, fireproof and waterproof.

It came with the kind of installation instructions I hate most - ones with words. This one had plenty. Since I was forced to read several pages worth of six-point font, I decided to don my naive user hat and keep score.

• Nowhere does it explicitly state that the instructions apply to at least four different models. I deduced it after finding four candidate starting points, including the one on a separate sheet labeled “Attention!” My safe bears no visible model identifier. (Maybe it was on the box the delivery fellow hauled off.) Anyway, mine is the “advanced” electronic model due to it having a dual-function prog/enter key vs. the single-function prog key.

• One of the four candidate starting points ominously states “Changing the combination voids your warranty.” One of the four tells you (correctly) that you must remove a set screw before first use.

• None of the steps are numbered. References to other steps, including forward ones, are made textually.

• The first few times I typed the combination, it timed out because I didn’t press the trusty prog/enter key. The basic model’s prog key needn’t be pressed after entering the electronic code. Upshot being that the higher price and the extra key press each time you open the safe are the prices you pay for advanced features.

• Two models each have three flavors of electronic codes. The basic model supports Master, User and PIN. The advanced model supports Master, Manager, and User. As you might guess the advanced model lets you dole out multiple user combinations. To what end I’m not sure, since there is no audit trail.

• When entering the electronic code, the first key press occasionally sounds like it bounced, leaving you to wonder if you pressed it once (beep) or twice (beep-beep).

• There is no troubleshooting guide.

Overall, I’d give Sentry’s unnecessarily complicated documentation 3 points out of 10. Consider that every computer I’ve purchased in the last ten years arrived with some type of pictures-only “quick start” guide for those jonesing to open a spreadsheet. Sentry missed the boat by not supplying one for these comparatively brutish devices.

Now, I’m willing to stipulate that the safe behaves exactly as advertised. That doesn’t make it a good product. A good product always begins with good specifications, chief among them functional specifications, i.e. exactly how the system should behave in different scenarios. A good functional specification is 80% of your user manual.

If you’re looking for my tie in to INFOSEC, there it is. Good INFOSEC always begins with good specifications, and is trivially easy to use regardless of how hard it was to build. In my former position at Amazon.com, twenty vendors a day wanted to sell me something. Nowadays I consult with those vendors. My message remains the same: Sell me something that makes my life easier and gives me a windfall benefit of increasing security.

Incidentally, the best instructions on the planet are produced by Lego. Yes, the toy company. They manufacture those colorful interlocking bricks within a tolerance of two one-thousandths of a millimeter (0.002 mm). My six-year old son builds moderately complex Lego models for fun. If they made an INFOSEC product, I’d buy it.

For the record, none of this means you shouldn’t buy a Sentry safe. I’m keeping mine and I’m certain I’ll be happy with it.

Related posts:

1. Is your laptop the same as your suitcase?
2. The New Discovery Process
3. Securing Funding for Security Fundamentals
4. Why User Education Will Never Work
5. Imagination: Security’s Missing Link

Posted by Larry J. Hughes, Jr. on Friday, December 22nd, 2006, at 12:00 am, and filed under Articles.

Follow any responses to this entry with the RSS 2.0 feed.

You can post a comment, or trackback from your site.