Friday, 25 March 2016

Designing Usable Security Systems

Security systems are irritating

Every time I visit the abc website it asks me to log in, and I get irritated typing my username and password. Every 30 days it asks me to change my password, and I can’t reuse my old passwords. If I accidentally enter my password wrong x times it locks my account, and unlocking the account is again a big task because it asks for the 3 security answers I set 3 years ago. Why is it so complex and bad? The answer is: “This is for your security”. That is very good for securing your data and information but very bad for user experience. Current security systems are very irritating, but this is not a fault; it is an opportunity for innovative designers to design security systems in such a way that the user’s data is secured and using the security system is easy and fun: designing a USABLE SECURITY SYSTEM.

Example: an income tax return website. Most people use this website once or twice a year to file their income tax returns. Filing an ITR starts with login, and nobody remembers their password, so the process starts with Forgot Password. The whole process begins with an unnecessary step (Forgot Password), which leads to irritation.

Real life frustrations

Some security elements running on thousands of websites may be very secure, but they increase cognitive load and frustration from a usability standpoint.

On average, a normal internet user has logins (username and password) on 60 to 100 websites, so at any one time a normal internet user remembers 100+ passwords. Some websites require more security, so at regular intervals the user has to change the password and can’t reuse old ones. Remembering passwords is a real pain nowadays. The pain increases when a website asks for a more secure password (the password should be alphanumeric and contain special characters and capital letters, bla bla bla…).

Security Questions
Setting security questions for a site is another big pain. Some security systems also ask you to set the questions as well as the answers, increasing cognitive load for the user.

Have you ever smiled when you saw a captcha? Never… Especially captchas on mobile apps/websites… oh god, save me… Just to verify that I am not a machine or robot, it takes me 1-2 attempts to complete my work. Captchas have further usability issues: for visually impaired people, reading and understanding a captcha is a real pain.

Although M-Pins are easier than secure passwords, they are sometimes very easy to crack. Most people set their M-Pin to their DOB or to patterns like 1111, 0000, 1234 etc., which are easily cracked.
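
One way to stop these M-Pins at enrolment, as an added example that is not part of the original post: a check that rejects repeated digits, simple sequences and DOB-derived values, and tells the user why. It goes slightly beyond the patterns listed above by also rejecting repeated pairs such as 1212; the function names and the 4-digit length are assumptions.

```python
from __future__ import annotations
from datetime import date

def dob_derived_pins(dob: date) -> set[str]:
    """4-digit PINs that follow directly from a known date of birth."""
    dd, mm, yyyy = f"{dob.day:02d}", f"{dob.month:02d}", f"{dob.year:04d}"
    yy = yyyy[2:]
    return {dd + mm, mm + dd, yyyy, dd + yy, mm + yy, yy + dd, yy + mm}

def is_sequence(pin: str) -> bool:
    """True for runs such as 1234, 4321 or 7890 (step of +1 or -1, wrapping 9->0)."""
    digits = [int(c) for c in pin]
    steps = {(b - a) % 10 for a, b in zip(digits, digits[1:])}
    return steps in ({1}, {9})

def weak_pin_reason(pin: str, dob: date | None = None) -> str | None:
    """Return a user-facing reason to reject the PIN, or None if it is acceptable."""
    if len(pin) != 4 or not (pin.isascii() and pin.isdigit()):
        return "PIN must be exactly 4 digits"
    if len(set(pin)) == 1:
        return "all digits are the same"
    if is_sequence(pin):
        return "digits form a simple sequence"
    if pin[:2] == pin[2:]:
        return "a two-digit pair is repeated"
    # The DOB check only works if the service already holds the user's date of birth.
    if dob is not None and pin in dob_derived_pins(dob):
        return "derived from your date of birth"
    return None

if __name__ == "__main__":
    sample_dob = date(1990, 3, 25)  # constructed sample value
    for candidate in ["1111", "0000", "1234", "1212", "2503", "1990", "8305"]:
        print(candidate, "->", weak_pin_reason(candidate, sample_dob) or "accepted")
```

Returning the reason rather than a bare rejection lets the form show the rule next to the field, so the user is not left guessing why the M-Pin was refused.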

This is a new one (One Time Password), and it reminds you of the importance of your mobile phone. It has several issues: sometimes the network on your mobile phone varies, you can’t get the OTP on your phone in time, and your session expires. Secondly, if you don’t have your phone with you or its battery has died, you can’t proceed with your work.

This is also a trouble: you are filling in a form and have mostly completed it when suddenly a message comes up: “try again, your session is expired”. Your whole work is wasted without being saved.

How to design a usable security system

Understand user behavior, find patterns
Before designing a security system for any website or office, understand user behavior through research. User research is very important for designing a usable security system. A security system is usable when it helps users perform their intended tasks.

Use Cognitive Principles
To help users remember passwords, use cognitive principles, for example chunking. Chunked information is easily stored and retrieved by the human brain.

Think about frequency of use
Keep frequency of use in mind before designing a security system. Example: an income tax return website, which a normal user visits once a year or once every six months. So if you are designing the security system for this site, don’t expire passwords after a short duration.

‘Show password’ element in place of ‘Repeat password’
To verify the password, provide ‘Show Password’ in forms instead of ‘Repeat Password’.

Show Password rules & tips upfront
It is very useful for users when the tips and rules for setting a password are available upfront.

Alternate option of authentication for OTP
Don’t depend on OTP on mobile only; send the OTP to the user’s email ID as well.

Find forgot password/username data and analyze it
Get statistics on how many users have used Forgot Password over some recent period (say 1 year), and analyze this data. It can give you more insight into the security system.
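
A sketch of that analysis, as an added example that is not part of the original post: it counts how many users used Forgot Password in the last year and flags users whose every login followed a reset, the pattern described for the income tax site above. The event names, the 15-minute linking interval and the sample events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (timestamp, user, event); event names are assumptions.
EVENTS = [
    ("2015-07-30T10:00:00", "u1", "password_reset"),
    ("2015-07-30T10:04:00", "u1", "login_ok"),
    ("2016-03-20T09:00:00", "u1", "password_reset"),
    ("2016-03-20T09:03:00", "u1", "login_ok"),
    ("2016-01-05T08:00:00", "u2", "login_ok"),
    ("2016-02-05T08:00:00", "u2", "login_ok"),
    ("2016-03-01T12:00:00", "u3", "login_ok"),
    ("2016-03-10T12:00:00", "u3", "password_reset"),
    ("2016-03-10T12:02:00", "u3", "login_ok"),
    ("2014-12-01T12:00:00", "u4", "password_reset"),  # older than the window
]

def reset_stats(events, now, window=timedelta(days=365), link=timedelta(minutes=15)):
    """Summarise Forgot Password use in the `window` ending at `now`."""
    per_user = defaultdict(list)
    for ts, user, kind in events:
        t = datetime.fromisoformat(ts)
        if now - window <= t <= now:
            per_user[user].append((t, kind))
    reset_users, always_reset, logins, after_reset = set(), [], 0, 0
    for user, evs in per_user.items():
        last_reset, n_logins, n_after = None, 0, 0
        for t, kind in sorted(evs):
            if kind == "password_reset":
                last_reset = t
                reset_users.add(user)
            elif kind == "login_ok":
                n_logins += 1
                # A login shortly after a reset means the user could not recall the password.
                if last_reset is not None and t - last_reset <= link:
                    n_after += 1
                    last_reset = None
        logins, after_reset = logins + n_logins, after_reset + n_after
        if n_logins and n_logins == n_after:
            always_reset.append(user)  # every visit began with Forgot Password
    return {
        "active_users": len(per_user),
        "users_who_reset": len(reset_users),
        "logins": logins,
        "logins_after_reset": after_reset,
        "always_reset_users": sorted(always_reset),
    }
```

A high share of `logins_after_reset`, or a long `always_reset_users` list, suggests the password expiry or complexity rules do not match how often people actually use the site.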

Be innovative

“Think about usable login system”
Technology and innovative thinking are required to find amazing and secure login methods. Example: the fingerprint scanner on the iPhone.

Designing a secure and usable security system is becoming a new opportunity for designers and a must-have business need.


About Author

Abhishek Jain (User Experience Designer)

