How do we balance the user experience (UX) with reasonable security measures? It can be done, if you keep these fundamentals in mind.
As the world has grown more interconnected, security has become a larger and larger focus for all of the brands and services we interact with on a daily basis. And some in the tech industry claim we collectively generated more data in the previous two years
than we did in the entire history of our race until that point.
If that doesn’t make the security of our personal information a top concern, nothing will. But how do we balance the user experience (UX) with reasonable security measures? It can be done, if you keep these fundamentals in mind.
1. Make Security an Early Priority
Security needs to be a top priority or you risk implementing it as an afterthought, in a clunky and user-unfriendly way. We’ve probably all used services and apps that didn’t appear to take security into account until the last stages of development.
Avoiding this problem is called “security by design
.” Yes, it does require that your designers have at least a small amount of experience with security, but it also ensures that when the time comes to fully implement your security measures, a place for them has already been prepared.
2. Keep It Simple But Not Too Simple
We get it — “understated” design is all the rage these days. But you might want to reconsider if you’re planning on burying the menus or controls for your webpage or app under a “utilitarian” paintjob. The same thing applies if you’re thinking about nixing, say, labels from your toolbar buttons. By all means, make these things an option for your power users, but when it comes to creating effective UX for the masses, leave nothing to chance.
Why? Simply put, because if your UX is intuitive and easy to use and understand, your users will be less likely to flip a switch they shouldn’t. Security controls can be granular, offering opportunities for personalization. But if your UX is indecipherable, your users won’t be able to take full advantage of these features — and may actually make themselves less safe
than they were before.
Naturally, this is a difficult balancing act, but it can be done. Users expect a simple interface — and they’re right to do so — but if it comes at the price of muddling potentially important safety features, take a step back and think things through again.
3. Listen to Your Users
If you haven’t made it easy to communicate back and forth with your users, you’re leaving the door open to potentially damaging security issues.
Adding contact tools to your website, app, or service is already an important best practice
, but it becomes even more important when you consider security issues that can crop up unexpectedly and oftentimes in a neglected corner of your software. Be sure you’re making it simple for your users to report bugs, issues, or anything else that gives them pause about the security of your service.
4. Take Advantage of Modern Safety Features
We’ve all witnessed a number of high-profile and embarrassing security snafus in recent years. In general, though, the companies associated with these breaches have been quick to respond and implement modern security features they hope will ensure nothing like it happens again in the future.
Consider, for example, how many apps and services started taking two-factor authentication seriously
in the wake of “celebgate.” This is a common-sense solution that provides users with a notification if somebody other than them attempts entry into one of their accounts. Put simply, it sends the user a one-time code they need to enter at login.
This obviously adds an extra step to the login process — and another barrier to a truly seamless UX — but even if you’re not turning it on by default, it should still be a promoted option. And while you’re at it, since we’re talking about quality UX, consider how most people are going to interact with these “code prompts” when they arrive. Generally, they’re sent to the user’s smartphone via standard text message.
This is where knowing your users come in handy:
- If they’re likely to be accessing their account on a laptop or desktop computer, referring to their phones to retrieve their one-time login code is going to take them out of the experience.
- Make sure you keep that downtime to a minimum by issuing codes that aren’t longer than they need to be or that have a kind of rhythm to them, making them easy to remember long enough to transcribe on the main device they’re working with.
5. Create a Unified, Multi-Device Experience
Ubiquitous computing is finally here. Most of us spend a majority of our waking hours near our phones and then go home to our laptops or iPads. The world’s tech giants are even throwing their weight behind driverless cars
in the hopes of becoming our four-wheeled operating system of choice.
And that’s where the UX and security dilemma really comes to a head. All of these digital portals come in different form factors, with varied screen sizes and different capabilities. As a result, it’s more important than ever to create a user experience that unites all of these devices and makes the process of navigating security a familiar one, no matter where they are or which device they’re using at the time.
Consider Apple’s approach. While most people upgrade their phones on a regular basis, there are always going to be holdouts with hardware a couple generations old. So while your iPhone 7 might take advantage of the built-in fingerprint scanner, your partner might still be using their four-digit passcode on their iPhone 4s.
And there’s nothing wrong with that. The point is, the newer devices still have the option to fall back to the older-style passcode, and the software bundled with that new phone doesn’t become unusable for people with older hardware.
Finding the Balance
Clearly, UX demands great attention to detail, and coupled with modern security concerns, you’re going to have your work cut out for you. But if you keep these basic tenets in mind, you should be able to find a comfortable balance in no time — and safeguard the goodwill of your users while you’re at it.