In today’s digital era, there is a great need for strong online security. Security focuses primarily on ensuring that legitimate users are authenticated and their information is kept safe, and that malicious or unauthorized users do not gain access to or corrupt the sensitive information of legitimate users. Usability, on the other hand, aims to make the experience as efficient and pleasurable as possible for the presumably legitimate end user. These two important goals often conflict with each other and need to be carefully worked through to ensure that both are effectively achieved. Unfortunately, the security expert and the UX designer are brought to the table when it is too late to work this out as needed. When this happens, either security or usability is compromised. A system ends up either being vulnerable to numerous security risks, or it is unusable for the end user.
When security barriers prevent legitimate users from completing their goals, users will create workarounds that introduce vulnerabilities into the system. Passwords are written on sticky notes and placed on monitors, browser security preferences are disabled, and many other non-secure actions are taken. The same is true for a user experience design that has neglected security measures. In this case, the user’s goal of conducting secure interactions is not met, trust can be lost, and the user may abandon the site if personal credentials are vulnerable; if the user’s personal information is stolen or exposed, the user may not only stop interacting with the site, but abandon the brand entirely. There are also legal ramifications when it comes to patient health information being stolen.
However, when a thoughtful balance is struck between security and usability, the end user is both satisfied and secure. Security solutions that are successfully usable are more secure, build trust with users, and eliminate barriers that would deter the user.
Here are three strategies to optimize UX:
1. Focus on Ease of Use
The key point is that a solution meant to provide security is most secure when it is optimally usable by the users whose information it is meant to protect. Users will comply with security features that are easy to use, but will become frustrated and attempt to bypass or shortcut an obtrusive security measure. Users will care more about their convenience than the threat of an attack on the system (a user will think of this as an abstract concept if they consider it at all). A login, for example, can become a hindrance to the user if the password requirements are too complex, and if the forgot-password flow requires a question that the user will not remember. This could result in the user reusing a password from another site, or writing their password on a sticky note on their monitor where it is exposed to others. These workarounds make the system more vulnerable to malicious attackers, and could have been avoided by making the login process more user friendly.
2. Build Trust With Users
When users know that their information is safe, they will be confident in using your site or system. If the proper measures have not been taken to facilitate this security, the user will not engage with your site or system out of distrust. Registration and secure accounts can be cumbersome to users but will be accepted when they are viewed as appropriate to protect their personal information. If the user understands that they will be storing confidential information on your site, medical records for example, they will be comforted that there are measures taken to ensure the safekeeping of such information and be willing to complete certain security protocols. Make sure to build on this trust by employing the proper security measures in a usable way, providing timely details and, when appropriate, displaying occasional reminders and check-ins about security preferences.
3. Pay Attention to Design Details
When usability and security are in harmony, the user is fully able to complete the goals they set out to do. Security measures will not block the user from logging in, viewing information, or sending data securely. Usability of the site will not be hindered because the users’ trust has been lost by not securing their data or because an attacker has compromised the site. Both sides are important and needed for the user to efficiently and pleasantly use your system. Achieving this level of balance requires careful attention to a myriad of small design details. These four specific design tactics will help make your security more usable and your user experience more secure:
- Equip users to succeed
- Prevent critical user error
- Provide clear messaging for security measures
- Test the usability of security solutions
Online users generally take online security for granted and don’t notice issues until something goes awry. It is up to designers, programmers, and data security administrators to immerse themselves in the user experience in order to deliver a seamless experience – one that balances both usability and security. By focusing on ease of use, building trust with users, and focusing on essential details, teams can lay the foundation for achieving this critical balance.
Latest posts by Gregory George
- Balancing Security and User Experience? 3 Strategies to Optimize UX - October 18, 2016