Data security is now a major issue for websites, and with massive security breaches on significant sites being reported with alarming frequency, it is no surprise that users are becoming more concerned about the safety of their details.
There is a tendency among designers to believe that security and good UX design are in conflict with each other and that if you are fulfilling one requirement you are probably compromising the other. However, this isn’t necessarily the case.
When users visit a site, what they really want is the minimum of fuss when logging in and identifying themselves, and this applies to financial sites as well as everything else. Users are well aware that the security of financial data is critical, yet they still want to get in, perform their activities and get out again as quickly as possible. You will probably have experience yourself of a financial site that has many layers of security before you can get to business. Similarly, there are checkouts that continually take you round the houses on data authentication and security before you can complete your purchase. This can be very frustrating and off-putting, and sometimes even leads to the abandonment of actions or purchases.
Real security needs
One of the basic precepts for employing security measures should be need. When do you absolutely need identification and authentication? Not necessarily when the user first enters your site, and not for every transaction they undertake on it. So make sure you are asking only for the level of security required for what users are doing, and not over-engineering or complicating without good reason. Obviously, where financial data is concerned or where the commitment of funds is involved, a certain level of security will be required. There are quicker and simpler means of achieving this than going through a drawn-out process of checks. Biometrics, for example, used frequently in mobile devices, provide the opportunity to check the identity of a user very quickly and in a foolproof manner without asking a lot of questions. Many devices now require this level of identification just to gain initial access.
Make it easy and fun
One technique that can be used to harmonise UX design and security is to make security more intuitive or fun for the user. This can relieve the tedium of going through the security protocols and eliminate the need to continually memorise long, unique passwords for each site. Recognising and validating the machines that users habitually access the site from can make storing and using passwords easier. Checking with them via phone or email if new devices are detected can also help protect users in these situations. Two-stage authentication is another way to increase security without placing much onus on the user to perform complex actions.
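The "security by need" rule from the previous section and the device recognition described above can be combined into a single server-side decision, sketched here as an added example that is not code from the original article. The action names, assurance levels and step names are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

# Constructed action tiers (assumption): the assurance level each action needs.
REQUIRED_LEVEL = {
    "browse_catalogue": 0,    # no identification needed at all
    "view_order_history": 1,  # a signed-in session is enough
    "change_email": 2,        # sensitive account change: second factor
    "transfer_funds": 2,      # commitment of funds: second factor
}

@dataclass
class Session:
    user: str
    device_id: str
    signed_in: bool = False
    second_factor_ok: bool = False  # e.g. biometric or one-time code passed

@dataclass
class Account:
    known_devices: set = field(default_factory=set)  # devices the user habitually uses

def assurance(session):
    """Level the session has earned: 0 anonymous, 1 signed in, 2 second factor."""
    if not session.signed_in:
        return 0
    return 2 if session.second_factor_ok else 1

def next_step(action, session, account):
    """Return the one extra check needed before `action`, or 'allow'."""
    required = REQUIRED_LEVEL.get(action, 2)  # unknown actions fail closed
    if required == 0:
        return "allow"                # do not ask for identity without a need
    if not session.signed_in:
        return "sign_in"
    # Unrecognised device: confirm out of band (phone or email) before trusting it.
    if session.device_id not in account.known_devices:
        return "confirm_new_device"
    if required > assurance(session):
        return "second_factor"        # step up only for the sensitive action
    return "allow"

if __name__ == "__main__":
    account = Account(known_devices={"laptop-1"})  # constructed sample data
    session = Session("alice", "laptop-1", signed_in=True)
    for action in REQUIRED_LEVEL:
        print(action, "->", next_step(action, session, account))
```

Each call returns at most one additional step, so a signed-in user on a recognised device is interrupted only when the action itself calls for it.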
Security is not only the responsibility of the online provider. Users have a duty to protect their own data and help sites to keep their data secure. It is not impractical or offensive to remind users of what they can (or should) do to protect themselves and the reasons why it is important.