It took me three hours in total to go to my friend’s place
and return back. In three hours I actually just spent an hour at her place and
rest of the time I was stuck in bad traffic jam; counting cars passing by,
observing stalls displayed in the surroundings of commercial site nearby. It was later revealed that there was a police
check post meant for thoroughly investigating every vehicle passing by. It was simply
headache. Huh!!
Traffic jams are not a big deal for us now. We are getting
immune to it time by time. But have we ever thought why this measure has been
taken? Certainly, to facilitate people and to prevent us from any unfortunate
happening. However such physical controls add to user inconvenience.
The point I want to highlight here is that most of the deployed
security checks bring user inconvenience. Even for simple administrative
tasks, one has to bear the pain of visiting one office to another office taking
approval starting from lower hierarchy till he reaches the office of higher
authority. The best example to quote here is how we go through clearance thing after
graduation.
Let’s come to the cyber world from this physical world. Normally
security professionals quote this example… how much thought we put when we key
in username and password while making some transaction? Not much; I must say.
We look for the easy way and give easy to remember passwords. We trust the
service provider and believe that application we are using is safe. However,
speaking of the real scenario; the Internet is facing growing security
breaches, transaction frauds, information misuse and phishing attacks. Word
Wide Web is most vulnerable platform that can put massive amount of personal
information in the wrong hands. Internet hackers are using sophisticated tools
to find their way into computer systems all over the globe.
Take another example in which you need to choose one from two
email services. Service#1 requires you to enter login credentials and check
your email. It has clearly labelled tool bar, suggest you different controls and
give you customization option in easy to understand language. On the other
hand, Service#2 requires you to authenticate yourself and enter CAPTCHA codes after
every second. The first service is pleasant from user point of view but the
second service provides rational security and keeps valuable information from
falling into wrong hands. This is where we need to learn how to balance
security with user experience. Most of the application developers overlook user
experience while designing applications for users which ultimately end up with
security incident. Security professionals should be fully aware of the fact
that they should give priority to security but nevertheless they should not
keep aside user viability.
There is nothing like 100 percent security. Security needs
implementation but with proper management; only in this way one can ensure that
security and user experience are working in harmony with each other.
Introducing too many controls and permission do no good rather just create poor
user experience and loss in number of potential customers.
The
cartoon below illustrate this plain truth in humorous way
How user experience can be aligned with security?
Having realized that there is a trade-off existing between security
and user experience; what approach should be followed in order to balance both
sides successfully. For most systems, adhering to user experience best
practices, principles and guidelines can actually improve their security. The
MAKE IT SIMPLE rule gives three easy steps which may align user experience with
security requirements
- Reduce: Provide everything that your user needs and nothing more than that. Disclose the important information in progressive manner and don’t throw things at user
- Organize: Suggest structure without enforcing it. e.g. when you login into your Gmail account the user is suggested to submit mobile number but this is additional requirement for security and doesn't enforce
- Prioritize: Offer the common and important information first
Requesting too much permissions from the user upon
authorization create a bad user experience. Establish trust between your users and application. Layered architecture of security is preferred but that again needs to be properly manages keeping user friendly approach.
The art of achieving right proportion between usability and security is still evolving. Users are also getting security aware, and most of them don't mind adding extra layers of security before they can access the personal information. However proper awareness and training need to be done. Users should be trained to accept security checks because they are means of providing them ease. Developer need to realize the fact that adding usability in the application is as important as developing an application and no doubt with little consideration we can ensure that security remains coupled with pleasant user experience.
So What do you think? Please leave your comment below :)
Author: Rabeea Imran
