I was reading some other discussion here about how default passwords are handled, and it reminded me of some UI features/bugs/gotchas/bad design that may contribute to creating insecurity. Even if the intent was all good and the features are there, these could cause a situation where you inadvertently misconfigure something.
Instead of bashing the usual suspects, this time I have an example from Avigilon Control Center, 5.4.x if I remember correctly.
We had multiple sites with many servers in each, and cameras were grouped with folders. The thing that surprised me was that if you create a new user group, this group will by default get permission to every device. So you better fix that before adding users to the group. If you are not using folders, you will click on each and every camera to uncheck them if I recall correctly, because there wasn't an "unselect all" button, and even using folders it's very inconvenient. We had about a thousand cameras in the system, imagine the joy with just a single site. There were also some problems with Ranks apparently getting corrupted somehow, only showing '4294967295' (ie. 232-1) for everything. Fixing such issues in a big system is very tedious.
Also, any camera that is added is by default accessible to everyone until you deliberately uncheck the permission from every group, manually. If you have a hundred groups, there's a minimum of a few hundred clicks to sort it out. Very easy to forget too and I thought this 'feature' in particular was a crazy design choice from Avigilon.
A third one, when arranging things in Site View editor, the UI is a bit buggy so that it's very easy to accidentally drag a device around without even noticing. At one point you may just wonder why a certain camera is outside a folder, or inside a wrong one, possibly also visible to the wrong person. Not good.
These are hopefully fixed in later versions, I don't know. I sent feedback and suggestions about these a few years ago to Avigilon, so I may also remember some details wrong, but this is just a small selection of those anyway. There were also fun ways to accidentally mess up your entire Site after updating from 4 to 5, by clicking okay on an uninformative dialog that ACC shows and asks if data should be converted. My wrist still hurts when thinking about fixing it.
Please share if you know some similar gotchas about software/hardware that are useful to know to avoid accidents.