Security systems are irritating
Every time when I enter in abc website it asks me for Login,
I am getting irritated with Typing my username and Password. Every 30 days it
asks me to change my password and I can’t repeat my old passwords, if
accidentally I enter my password wrong x times it locks my account and unlocking
account is again big task because it asks 3 security answers which I set 3
years before. Why it is so complex and bad? Answer is – “This if for your
security”. Which is very good in securing your data and information but very
bad in user experience. Current security systems are very irritating but this
is not a fault, this is an opportunity for innovative designers to design
security systems in such a way so that user’s data should be secured and using
security system in easy and fun, designing USABLE SECURITY SYSTEM.
Ex. Income tax return website – Normal people uses this
website once or twice in a year for filling their income tax returns and filling
ITR process starts with Login and nobody remembers their password so process
starts with Forgot Password. Complete process is starting with unnecessary step
(Forgot Password) and leads to irritation.
Real life frustrations
There are some security elements running in thousands of
websites which may be very secure but increasing cognitive load/ increasing
frustrations in the aspect of Usability.
Passwords
On an average a normal internet user has 60 to
100 websites where he/she has login (Username and Password) so at one time a
normal internet user remembers 100+ passwords. Some of the websites requires
more security for at regular interval he/she has to change his/her password and
he/she can’t use their old passwords. Remembering Passwords is real pain now a
days. Pan increases when any website asks for setting more secure passwords
(Password should be alpha Numeric, containing Special characters and Capital
letters bla bla bla…)
Security Questions
Setting security questions for any site is
also one big pain, some security systems also asks you to set questions also
along with answers. Increasing cognitive load for a user.
Captcha
Have you smiled when you have seen captcha ever?
Never… Specially captcha on mobile apps/websites.. oh god save me… Just to verify
I am not a machine or robot it takes 1-2 attempts me to complete my work.
Captcha has some more usability issues like for visually impaired people
reading and understanding captcha is a real pain.
M-Pins
Although M-Pins are easier as compared to secure
password but sometimes it becomes very easy in cracking. Most of the people set
their M-Pins with their DOB or some patterns like 1111, 0000, 1234 etc. which
are easily in cracking.
OTP
This is a new one (One Time Password) this reminds you
the importance of your mobile phone. It has several issue like sometimes
Network in your mobile phone varies and you can’t get OTP in your phone on time
and your session gets expired. Secondly If you not having your phone with you
or if your battery has died you can’t process your work.
Session
This is also a trouble you are filing a form and
you have completed it mostly suddenly a message comes “try again your session
is expired”. Your whole work got wasted without saving.
How to design usable security system
Understand user behavior, find patterns
Before designing any security system for any
website or office understand user behavior through research. User research is
very important for designing a usable security system. Security system will be
usable when it helps user in performing user their intended tasks.
Use Cognitive Principles
For remembering passwords use
cognitive principles example chunking. Chunked information easily gets stored
and retrieved by human brain.
Think about frequency of use
Keep frequency of use in mind
before designing security system, Example Income Tax return website, a normal
user visits once or in every six months. SO if you designing security system
for this site don’t expire password in less duration.
‘Show password’ element in place of ‘Repeat password’
To
verify password instead of using ‘Repeat Password’ provide ‘Show Password’ in
forms.
Show Password rules & tips upfront
It becomes very
useful when tips & rules for setting password are available upfront for a
user.
Alternate option of authentication from OTP: Don’t depend on
OTP on mobile only, send OTP on email ID also.
Find forgot password/username data and analyze it
Get
statistics about ‘How many users has used Forgot Password in last some time
(say 1 year)?’ and analyze this data. It can give you more insights about
security system
Be innovative
“Think about usable login system”
Usage of technology and innovative thinking is required in
finding amazing & secure login methods. Example: Finger print scanner
technique in iPhone.
Designing secure and Usable security system is becoming new
opportunity for designers and must business need.
0 comments:
Post a Comment