I greatly appreciate the many replies. It looks as though the most practical option that's been suggested is to challenge the user to type something instead of just clicking a button.

Of course, that will be thwarted by agentic automation, but I guess it's an approach that might work for a year or three. 🙂

Thanks again!

@xahteiwi If it is really important:

• Error message: "This action has been stopped until you do X"

And you are required to do something in a different app or even on a different system. You enforce a break in media continuity ("Medienbruch").

This makes it more "expensive" but the price tag raises awareness (and aversion, if it happens too often).

A cheaper version is the demand to enter a certain text like "DELETE TENANT X".

@xahteiwi If it is really important, e.g. because the consequences would be severe, make them think! Make them e.g. write something.

Decades ago, I did a stupid thing on a Debian Linux computer. And the system asked me to literally type something like "I am aware this is a stupid but I want to shoot myself in the foot" before proceeding.

DigitalOcean asks you to write out (or copy&paste, of course) the name of the VPS before deleting it.

Include one step which is not just a click on "OK".

@xahteiwi i have not seen another way.

Even before the advertising industry killed it for good, most users already blindly clicked OK, as lots of Windows applications had way too many modal dialogs that users wanted to dismiss in order to continue their work.

Basically users want to continue their work flow without interruption, as instinctively they know interruption makes them loose track of what they are doing.

@xahteiwi

In one instance I used a message-box with a text-input: 'This will do X and be irrevocable. If you're sure, that's what you really want TYPE "acknowledged" in the field below.'

It wasn't popular, but for the ~10 years it lingers in the app, I have never been called to restore data changed/deleted by that part of the program.

@xahteiwi Warn the user ahead of time that this is a two step process. Once they have completed step one, refer them to step two which should be listed in some form of inbox or notification system so that the detail is not lost.

It's possible, although awkward, to take a leaf out of FORMAT's book and ask someone to put in the name of whatever they're changing manually, or their password again.

Really though, it's most importantly about arse covering. No matter what action is taken some users will not worry about consequences until later.

Also, it usually involves code programmers don't want to write, but enforcing a save state or a cool off period helps.

You are about to delete all your data, are you sure? Y/N
Please insert disk to back up your data first or type in 'I am an idiot' to skip this
Please type in your password again to confirm you are a smartarse who will definitely not regret deleting all your data without a backup

@xahteiwi The correct(tm) way to do it is undo. Undo can take different shapes or forms. It can be immediate like in a word processor or indirect like with the recycle bin. Undo is backed up by usability research.

If you cannot offer undo, something like GitHub's "Enter the text ... below" is an option.

@xahteiwi make them think, make them do something unexpected, make them do something more involved than a simple click.

Entering a text like "yes, please delete stuff xyz" is a cheap a and simple method.

It also helps to visually separate those dangerous actions from others (the "danger zone" to be found on some platforms). While probably a small effect, it somewhat tunes the mindset.

@xahteiwi

It depends a lot on the use case but there are a bunch of old ideas that are relevant.

Apple's HIGs from 30+ years ago told you never to put 'yes' or 'no' or 'okay' on dialog box buttons. The buttons should always be verbs or verb phrases. For example, don't do:

'Erase your disk?' [ No ] [ Yes ]

Instead, do:

'Erase the disk?' [ Do not erase ] [ Erase the entire disk ]

This means that even people who don't read the question do read the answer before selecting it. For very high stakes things, you can require people to type 'I wish to erase the entire disk and I know that this cannot be undone' or similar, rather than a button.

For slightly lower-stakes thing, people sometimes disable the proceed button in the dialog for a few seconds. This solves two problems:

• User clicks before reading.
• Dialog appears and the user aims to click on something else that happened to be below the dialog.

There's also Raskin's First Law: A program must not harm a user's data or cause a user's data to come to harm.

This means that you need to make these operations support undo. For erasing an entire disk, that's not feasible, but for most things it is. Don't delete things, move them to a to-delete area. This is why MacOS had a rubbish bin from the start: delete moved things, if you didn't mean to delete them there was a move-back (undelete) button.

For a lot of things, starting with a non-destructive model makes sense. For example, if your file format includes unlimited undo history, you can add a 'publish' button that gives you a new copy without undo history. That means that you never have destructive operations. Similarly, if you're running some semi-arbitrary code, do it in a sandbox, unconditionally. Don't ask people 'do you want to trust this probably malicious thing?' just treat it as malicious and sandbox it.

@xahteiwi

One idiom that's become common in games is that for important actions you can't just click a button -- you have to click and hold for a second or two while a visual gauge fills up on the screen.

You can combine this with a pop-up, so that clicking "Cancel" immediately closes the pop-up without doing anything, but to actually execute the delete action you need to press and hold the "Delete" button for five seconds.

@xahteiwi Wording is key, give it a catchy title that already explains the situation. Use the same verb in the text as on the buttons.

One more pattern that comes to mind is a confirmation checkmark, disabling OK until it's checked:

☑ I understand that if I click OK, X will happen

[ OK ]

@xahteiwi My 2 cents:

If it’s an undoable action:
- popup that forces you to write.
- timer before button is active.

In any case:
- Information must be clear.
- Text button should contain the action. Instead of “OK”, “Delete user”.

If it’s and undoable action, just let the user undo if they commited a mistake.

Hope this helps.

PD: Responses loaded after I wrote this, saw people already mentioned these options. Sorry for the noise. 💖

@xahteiwi I think there have been some good responses so far (I like the click-hold and type-it-out options), but I would also suggest that simply making it look different might reduce the issue to a degree.

People are conditioned to press Okay or Accept when they see a box of random text, so perhaps that can be broken by adding something besides text. If they're choosing to irreversibly delete a file, for example, add a small picture of a cartoon bomb, a paper shredder, or Ol' Yeller. If they're trying to pipe curl to bash, add some emojis 💥💻💥 to catch their attention.

Please note, I know nothing about corporate UX design and this is just the random opinion of some guy wearing cartoon pajamas.

@xahteiwi
You have to make it clear that taking his action requires the permission before they click the thing.

"You must have cookies enabled to go beyond this point [continue]"

It's bad manners to provide the button and then demand they agree after clicking it