Businesses spent over a trillion dollars on enterprise software and IT services last year, with a healthy forecasted growth fueling an otherwise flat IT market.
You might expect this investment would be producing better and better software, but every day you probably experience the reverse. Cryptic error messages, confusing flows and plain old software crashes seem as inevitable as death and taxes.
But they don’t need to be. The difference between disappointment and software people love to use boils down to just five golden rules.
In previous posts, I discussed the fundamentals of understanding your user and creating a consistent and performant experience. In this final post, we wrap up by balancing the needs of the head (pragmatic security) with those of the heart (user delight).
Rule No. 4: Be Secure (Yet Practical)
Data is digital, and digital data is vulnerable. Personal data, corporate secrets -- it’s all fair game for cybercriminals. It doesn’t matter how performant or user-centric your software is if it exposes sensitive information for pilfering.
That said, you need to strike a balance. Security is not a yes-no question; rather, it's a compromise between risk and return. All security creates inconvenience. The question is whether the value of what you’re trying to protect justifies the trouble. If you’re designing a banking site, you can justify almost any amount of security: strong passwords, captchas, two-factor authentication. But should you ask the user to enter a two-factor code to check their gas bill? That’s harder to say.
Sometimes the right move is to loosen up a little. In the early days of the internet, when most people worked on large monitors, leaving a password visible was unthinkable. Developers always made sure it was hidden behind dots as you typed. But with the advent of smartphones, obscuring passwords was often more trouble than it was worth. Tiny touchscreen keyboards made typing mistakes more common and harder to catch when users couldn’t see what they had typed. At the same time, applications were demanding increasingly complicated passwords with numbers, upper and lowercase letters, and special characters, making mistakes even more likely.
Users grew frustrated, and businesses felt the pain, too. At one utility I know of, more than 80% of support calls had to do with username and password complaints. Most of the time, the customer had left Caps Lock on or was just mistyping one character. As the number of these simple errors increased, so did support costs, giving businesses an incentive to find some middle ground.
The result was the now-familiar "eye" icon, which allows users to reveal the text in the password field, letting them decide how much risk they’re willing to take. They might leave the password obscured on a crowded train, but reveal it at home where the risk of snooping is lower.
There is no simple answer as to how much security an application needs. In the end, you have to be guided by what’s best for users, which once again means understanding who they are, how they’ll be using the product and what sort of balance you can strike between security and convenience.
Rule No. 5: Be Delightful