The early internet designed by Kahn and Cerf was not meant to keep people out. It was intended to be a global conduit of information. MIT Profession and AI researcher, Howard Shrobe says,
“The internet was designed for uninhibited sharing. As a result, keeping the bad guys out has become quite the impossibility for engineers and programmers.”
Internet security is a pressing concern that is driving the designers and the website developers nuts. Pulling the target audience towards your site becomes tough with an iron fence around your site. But once the guards are down, keeping them safe from scammers and bootleggers is more difficult! This has resulted in an ultra-complex arms race among the website designers and hackers.
Most of the security problems lie in the main code of the site. The website designers are given the sole responsibility of developing a site that makes sharing information easier. It is of prime importance that the site is easily SEO-friendly and user-friendly. This is like walking on a double-edged sword. While you are inviting your customers, you are also sending out an invitation to the hackers who are looking for the smallest window to access the backend of your website.
This puts us in front of a critical question that has been asked time and again by designers and users alike. “Should websites be less about aesthetics and more about user safety?” The choices are very difficult, and it is not a binary question either. So how to understand when you have achieved the perfect balance between the user interface and user safety?
Authentication is the first step towards safety:
Authentication is a necessary evil. Yes, we have been locked out of our own accounts for at least one day in the past. Of course, we have hated every bit of it. But without authentication, all our sensitive information can become accessible to any third-party who can use the data for accessing our bank accounts. A poorly designed authentication system is worse than no system at all. This can let the wrong people in or keep the right people out!
Authentication is one of the nodal points of online safety that your users rely upon. If you have an eCommerce website or a social networking site or a blogger’s hub, make sure your users feel protected. Get an authentication method for all users to verify their credentials.
Micro-interaction starts with authentication:
We keep asking users to “log in” to their accounts to buy our products and services. This usually involves details like email address and a unique password. But what happens when this step fails miserably?
Dan Saffer calls this authentication step a Micro-interaction. These are defined as the small moments when users and the website design interact directly. These are rare, and this authentication process is one of them. The experts opine that the UX is directly dependent on the Micro-interaction process. A poorly designed website definitely hurts the UX.
Micro-interactions distract the users from the content of the site and keep you from attaining your intended target. It gets really annoying at times when the real customer has to keep asserting his authenticity to the application or website. Using Captcha and multi-platform verifications are indeed very secure, but they also make customers feel hassled.
Then there are the error messages! These are worse when it comes to the authentication step. And this is another Micro-interaction that steals the user’s attention from the intended goal.
Micro-interactions don’t get the love they deserve:
This is true! Most of the times the authentication process gets the very little attention of the website designers and developers. They are results of afterthoughts and rarely have a flair for their designs.
Some websites lock out users after 3-5 times of wrong password entries. Well, why not increase the tries to 10 or 15? Or give multiple verification options. Any intruder trying a brute force attack will fail at least a dozen times. And by then any sensible website can lock him out. Won’t it be a lot better if sites could send a direct link to the user’s email through which he could reach out to a site supervisor or a support person?
These are a few key things that all website designing teams should focus on before the user condemns your site for below par UX. Website design vs. UX is a never ending debate. The conflict can only be resolved when the design helps in improving the UX through better security.
This article is written by Joseph Spool. He is the founder of a leading design firm in the US. He has worked with Las Vegas Web Design Co. in the past for award-winning projects. Also, he has guided innovative designers and developers to gift us some of the best intuitive designs we see on the internet today.