Human Error: Slips, Mistakes & Error Prevention

Key takeaways

Slips are correct-goal, wrong-execution errors caused by lapses in attention or automated behavior — fix them with constraints, undo, and clear affordances that interrupt automaticity.
Mistakes are wrong-goal errors caused by flawed plans or incomplete knowledge — fix them with better system feedback, progressive disclosure, and recovery paths that teach.
Error prevention is a hierarchy: eliminate the opportunity first, then constrain, then warn, then make recovery easy.
Error messages are a critical design surface — they must name the specific problem, explain why it happened, and prescribe an exact fix; vague system-speak ("Invalid input", "Error 403") is a design failure.
WCAG 2.2 encodes error prevention as an accessibility requirement — Redundant Entry (3.3.7) and Accessible Authentication (3.3.8) are 2.2 additions that protect users with cognitive disabilities and are increasingly a legal baseline.

The full lesson

Interfaces fail in predictable ways. Long before a user clicks the wrong button or submits the wrong value, the design has already set up that failure. James Reason’s model of human error — refined by Don Norman into the vocabulary every UX practitioner should know — gives us a principled way to diagnose why errors happen and, more importantly, how to design them out. Understanding this taxonomy is not academic. It is the foundation for every error message, confirmation dialog, and undo flow you will ever build.

Why “User Error” Is Usually Designer Error

The phrase “user error” is a red flag. When we call a failure the user’s fault, we close the design loop too soon. Don Norman’s The Design of Everyday Things makes this clear: humans bring consistent, predictable cognitive limitations to every interaction — around attention, memory, and knowledge. A design that ignores those limitations is waiting for an error to happen.

The better way to think about it: errors are symptoms of a mismatch between the interface and how the human mind actually works. Errors tend to cluster around:

Actions that require sustained attention right when attention lapses
Inputs that look identical but mean different things
Procedures that differ only slightly from a well-practiced routine
Feedback that is absent, delayed, or ambiguous
Irreversible actions that carry no warning

Design has enormous leverage here. Real-world error rates drop by 50–90% when the specific root cause is addressed. The first step is knowing which type of error you are dealing with.

The Slip vs. Mistake Distinction

Norman, building on Reason’s work, divides human error into two top-level categories: slips and mistakes. The distinction determines which design intervention is right.

A slip happens when the user’s goal is correct but the execution goes wrong. The user knows what they want to do — they just do something else instead. Slips are errors of action. They happen below the level of conscious intention, and they cluster around highly automated, routine behaviors where conscious attention has drifted.

A mistake happens when the user’s goal itself is wrong — based on a flawed plan, a misunderstood system, or incomplete knowledge. The user does exactly what they intended, but what they intended was the wrong thing. Mistakes are errors of planning or evaluation.

This distinction matters because the design fix is different:

Error type	Root cause	Design response
Slip	Correct goal, wrong action	Constraints, undo, clear affordances, distinguish similar controls
Mistake	Wrong goal or plan	Better feedback, progressive disclosure, clearer system state, onboarding

Types of Slips: Capture, Description, and Mode Errors

Slips are not one thing. Norman identifies several distinct mechanisms, each with its own design implication.

Capture Errors

A capture error happens when a more frequently practiced routine “captures” control from a less-practiced one. A classic example: you drive to your old office on the first day after changing jobs, because “drive to work” has been executed thousands of times as muscle memory. In interfaces: a developer who routinely presses Ctrl+W to close a tab accidentally closes an unsaved document when a text editor uses the same shortcut. The dominant routine fires when attention lapses.

Design implication: Do not map dangerous actions to high-frequency gestures. If your app shares keyboard shortcuts with the OS or widely-used apps, users will misfire under cognitive load.

Description Errors

A description error happens when the user performs the right type of action on the wrong object — because the intended target is too similar to an adjacent one. Dragging the right file to the wrong folder. Clicking “Delete User” instead of “Delete Post” when both buttons look identical and sit close together.

Design implication: Differentiate controls that do different things. Separate destructive controls from constructive ones — both spatially and visually. Label destructive actions with their consequence (“Delete account permanently”), not just their category (“Delete”).

Mode Errors

A mode error happens when a device or interface has multiple operating modes and the user performs an action that is correct in one mode but wrong in the current one. Caps Lock is the classic keyboard example: the user types in the wrong case because they forgot that mode was active. In software: a graph editor where the same mouse drag either selects nodes or pans the canvas depending on a mode toggle with no persistent visible indicator.

Design implication: Make the current mode unambiguously visible at all times. Mode indicators should be persistent, not transient. When possible, eliminate modes entirely. If you cannot, use clear affordance changes — cursor change, toolbar state, color shift — to signal mode transitions.

Types of Mistakes: Rule-Based and Knowledge-Based

Mistakes divide along lines of how much domain knowledge the user has.

Rule-based mistakes happen when a user applies the right rule in the wrong situation, or applies a wrong rule because the situation looks familiar. An experienced admin applies a “this type of file is always safe to delete” rule and removes a system-critical configuration file because it matched the pattern. Rule-based mistakes are most common among intermediate users who have internalized some shortcuts but not the full system model.

Knowledge-based mistakes happen when the user has no applicable rule and must reason from first principles — often incorrectly, because their mental model is incomplete. A novice configuring DNS records who misunderstands the relationship between an A record and a CNAME is making a knowledge-based mistake. The user is not careless. They simply lack the system model needed to form a correct plan.

Design implication for rule-based mistakes: Provide feedback that distinguishes similar-looking situations. If two situations look the same but require different actions, the interface must visually communicate the distinguishing context.

Design implication for knowledge-based mistakes: Use progressive disclosure, inline guidance, contextual examples, and graceful failure states that explain why something did not work. The goal is to transfer knowledge at the moment of need — not to make users read a manual.

Error Prevention: The Hierarchy of Design Interventions

The most powerful error-prevention strategies work upstream — they make the error impossible or automatically detectable. Downstream strategies are remediation after the error has already happened. Think of this as a hierarchy, from strongest to weakest:

Eliminate the error opportunity entirely. This is the gold standard. If a form field only accepts dates, offer a calendar picker instead of a free-text input. If an action is irreversible, require a confirmatory intermediate step that cannot be bypassed by habit.
Constrain to valid inputs. Disable UI elements that would lead to invalid states. Grey out “Submit” until all required fields are valid. Use input masks or validated fields that reject illegal values on entry. This is forcing function design.
Provide immediate, specific inline feedback. Validate when the user leaves a field (on blur), not only on submit. When a value is invalid, explain exactly what is wrong and what the correct format is. The WCAG 2.2 pattern: use aria-describedby to link a specific, actionable error message to its input. “Phone number must be 10 digits, e.g. 555-867-5309” beats “Invalid phone number” by every usability metric.
Warn before irreversible actions. Use confirmation dialogs sparingly. Overuse causes habituation — users click through without reading. Reserve them for genuinely destructive or costly actions, and make the consequence explicit: “Delete 47 photos permanently? This cannot be undone” rather than “Are you sure?”
Make errors reversible. Undo is often a better solution than a confirmation dialog. It costs the user nothing when the action was correct, and rescues them when it was not. Gmail’s “Undo Send” is a masterclass: it does not block sending (which would add friction to every correct send) — it just delays delivery by a configurable window.
Design recovery paths. When an error has occurred and cannot be undone, make recovery as easy as possible. Preserve entered data, explain what happened, and offer a clear next step.

Write error messages that name the specific problem and prescribe the exact fix (“Enter a date after today’s date”).
Validate inline on blur with persistent, visible error text linked via aria-describedby.
Place destructive actions away from constructive ones and label them with their consequence.
Make dangerous or irreversible actions require two distinct intentional steps.
Offer undo for any action that might be accidental — prefer undo over heavy confirmation dialogs.
Make the current mode persistently visible when modes cannot be avoided.

Don't

Show generic “Invalid input” or “Something went wrong” errors that force the user to diagnose the problem.
Validate only on submit — users lose context about which field failed and why.
Place “Delete” adjacent to “Edit” with the same visual weight and no spatial separation.
Use browser confirm() dialogs for error states — they are visually jarring, unstyled, and block all interaction.
Rely on confirmation dialogs as the primary defense against errors — users habituate and click through them.
Design modes without persistent, visible indicators of the current mode state.

Error Messages as a Design Surface

Error messages are one of the most under-invested surfaces in interface design. A bad error message at a critical moment can strand a user, erode trust, and kill a conversion. A good one repairs the user’s mental model and gets them back on track.

Every useful error message has four parts:

What happened — a plain-language description of the problem (“Your session expired”)
Why it happened — enough context to prevent confusion (“Sessions end after 30 minutes of inactivity”)
What to do — a specific, actionable recovery path (“Sign in again — your draft was saved”)
Tone — factual and respectful, never blaming, never condescending

Vague, system-centered messages like “Error 403” or “Operation failed” are machine-to-machine communication leaked into user-facing UI. Modern practice is to translate system states into user-centered language. If technical detail is useful for power users or support teams, put it in a collapsed disclosure — do not lead with it.

Feedback, Visibility, and Slip Prevention

Slips are most dangerous in two conditions: high cognitive load and highly automated task sequences.

In high-load environments — multi-step wizards, data-entry dashboards, checkout flows — users are juggling multiple mental threads at once. The practical design response: reduce the number of controls visible at any moment; use spatial separation and visual weight to prevent accidental targeting of adjacent controls; keep destructive actions out of the high-traffic center of the screen.

For highly automated sequences — password entry, keyboard shortcuts, routine form navigation — the user is not consciously attending to each individual action. Design interventions: avoid mapping high-frequency gestures to dangerous actions; use distinct visual states for destructive controls. A red button is a pattern-interrupt for the automated action stream, not merely decoration.

Underlying both contexts is Norman’s first usability principle — visibility of system state. Much of what makes errors hard to catch is not the error itself, but the absence of clear feedback that one has occurred. Effective error feedback has four qualities:

Immediate: Feedback within 100ms feels causally connected to the action. Delayed feedback severs that link.
Specific: Identify what happened, not just that something happened.
Persistent until resolved: Error states must not auto-dismiss. They should remain visible until the user actively resolves them.
Not color-only: WCAG 2.2 SC 3.3.1 requires errors to be identified in text, not indicated by color alone. A red border is invisible to many colorblind users.

The flip side of feedback is confirmation of success. When a user completes a significant action — submitting a form, saving a record, publishing content — a clear, brief success confirmation closes the action loop. Without it, users may repeat the action because they were unsure it worked.

WCAG 2.2 and Error Prevention

Error prevention is not only a usability concern — it is a legal accessibility baseline under WCAG 2.2. The relevant success criteria form a layered defense:

3.3.1 Error Identification (A): When an input error is detected, identify the item in error and describe it in text.
3.3.2 Labels or Instructions (A): Provide labels or instructions when content requires user input — preventing errors before they happen.
3.3.3 Error Suggestion (AA): If an input error is detected and correction suggestions are known, provide them.
3.3.4 Error Prevention — Legal/Financial/Data (AA): For consequential actions, submissions must be reversible, checked, or confirmed before being finalized.
3.3.7 Redundant Entry (AA, new in 2.2): Do not ask users to re-enter information they already provided in the same session. This reduces transcription errors and the cognitive load that produces them.
3.3.8 Accessible Authentication (AA, new in 2.2): Cognitive function tests — like recognizing patterns or transcribing distorted text — cannot be the only authentication method. This protects users with memory or attention disabilities from disproportionate error risk.

Measuring Error-Proneness in Research

Error rates are a first-class usability metric, not a secondary concern. Here is how to measure them rigorously:

Task-based usability testing: Define tasks with binary success criteria. An error is any deviation from the optimal path that requires recovery. Record error rate (errors per task attempt) and error type (slip vs. mistake) separately.
Behavioral analytics: Click heatmaps, rage-click tracking, and funnel drop-offs surface error-prone hotspots at scale. A high rage-click rate on a control often signals that users expected different behavior and are misfire-clicking in frustration.
Form analytics: Field-level abandonment rates and field revisit counts identify which inputs generate the most errors and corrections. A field with a high revisit count is generating confusion or rejection.
Error log analysis: Server-side validation errors, 4xx responses, and failed transactions all carry the fingerprints of user error. Systematic analysis of error payloads often reveals specific input patterns — wrong date format, missing country code — that can be addressed with targeted design changes.

Modern research triangulates behavioral data with qualitative sessions. Behavioral data tells you where errors concentrate. Think-aloud sessions tell you why. Self-report surveys (“How easy was it to complete the task?”) have a well-documented say/do gap: users often rate tasks as easy even after struggling, especially for errors they feel embarrassed about.