Addressing security as a UX design challenge is like taking a long look in the mirror. While the average IT pro is more security-aware than the average person, no one is perfect. For instance, do you actually read app permissions? If yes, you’re in the minority—many users suffer from desensitization and straight-up ignore government-issued recommendations to review permissions carefully.
Even if you do play 100 percent by the rules, sheer manufacturer error is always a possibility that can land you in hot water. Case in point: Remember the time at least 3 million brand-new Android phones were shipped to US consumers with backdoor malware installed? Or the time some 122,000 routers with really, really confusing firewall settings ended up misleading users into opening them up to public access during the setup phase? Just because a product allows you to play Pokémon Go, connects to your network, or has a really sleek user interface doesn’t mean it’s secure.
Does security = clunky UX?
We’re at a weird point in consumer and enterprise technology where rapid adoption may outpace the rate at which companies can produce secure products. Businesses are set to deploy more than 8 billion connected “things” in 2017—and there’s no way every one of them is pristinely secure. Most of those devices (and the apps that come along with them) are designed to be easy to use—and that may make them wide open to hackers.
“In information security, we often feel that there is a compromise that needs to be made between usability and security—they can seem at odds,” writes researcher Kim Crawley. Crawley’s right: There’s definitely a perception that secure design means a UX will feel laborious or locked down. Fortunately, IT pros can draw inspiration from real-life examples of UX that make people feel happy and protect their data without feeling “too secure,” if there is such a thing.
Understand that people are really tired
It’s not that the average IT pro or end user isn’t scared of hackers; it’s just that everyone interacts with technology so heavily and constantly that they’re drowning in warnings and alerts. No one knows this better than IT pros in the business of building systems like electronic health records (EHR) and medical decision support systems (DSS). After Children’s Hospital of Philadelphia switched to a new EHR in 2012, its doctors were hit with an obscene volume of alerts, and they got used to ignoring information that was generally unimportant. But then, a potentially lethal dose of medication was given to a patient, because an alert that actually mattered got mixed up among too much “nonsense.”
Many of the UX principles used to control patient safety among alert-fatigued physicians can also help IT pros support desensitized end users. Health IT companies can make it impossible to override certain warnings and distinguish between “moderate” and “severe” warnings. UX principles, like color, texture, and microinteractions, can also support your need to get people to pay attention to security warnings when they really matter.
Assume no one’s reading your permissions or controls
As a baseline, your apps and products should default to security first. Users may need to take certain actions, like changing the default password, but as a product designer, it’s always smart to assume no one will ever mess with security settings unless they absolutely need to.
Think of Google Docs, everyone’s favorite free, cloud-based alternative to other office products. As UX pro Gwendolyn Betts points out, Google Drive products make it easy for users to secure their documents and simple to share them in secure ways by letting users choose whether people can simply “view” or “comment.” Taking inspiration from Google, consider how you can default to privacy when it comes to data sharing.
Design thinking matters, and understanding your users deeply can help you understand exactly how they feel about security. Betts recommends that product designers take their users’ understanding of security and use it to inform educational microinteractions, which are defined as tiny communications that help people make smarter choices. Think of scroll-over text that explains why passwords should contain a mixture of letters, special characters, and numbers to help users make better choices during account setup. You could even convince your users that 5up3rM@N isn’t actually the best choice for a password.
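Here is what such a microinteraction could compute behind a password field, as an added example that is not from the original article. It shows why 5up3rM@N fails even though it mixes letters, numbers, and special characters: undoing the character swaps spells a word attackers try first. The word list, the substitution map, and the 12-character threshold are assumptions made for illustration.

```javascript
// Added example: hint text for a password field microinteraction.
// COMMON_WORDS is a tiny constructed sample; a real deployment would use a
// much larger list of breached and dictionary passwords.
const COMMON_WORDS = ["superman", "password", "dragon", "letmein", "qwerty"];

// Common character swaps ("leetspeak") mapped back to the letters they replace.
const LEET = { "0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s", "!": "i" };

// Lowercase the password and undo the swaps so "5up3rM@N" becomes "superman".
function deLeet(password) {
  return password.toLowerCase().split("").map((c) => LEET[c] || c).join("");
}

// Return a severity level and a short, educational hint for the UI to display.
function passwordHint(password) {
  // Count how many character classes are present (lower, upper, digit, special).
  const classes = [/[a-z]/, /[A-Z]/, /[0-9]/, /[^A-Za-z0-9]/]
    .filter((re) => re.test(password)).length;
  const hit = COMMON_WORDS.find((w) => deLeet(password).includes(w));

  // Check the dictionary first: a mixed-character password can still be a known word.
  if (hit) {
    return {
      level: "weak",
      hint: `Swapping letters for symbols still spells "${hit}", which attackers try first.`,
    };
  }
  // Assumed minimum length of 12 characters.
  if (password.length < 12) {
    return { level: "weak", hint: "Longer is stronger: aim for 12 or more characters." };
  }
  if (classes < 3) {
    return { level: "fair", hint: "Mix in letters, numbers, and special characters." };
  }
  return { level: "good", hint: "Looks good." };
}
```

Wire `passwordHint` to the field's input event and render `hint` next to the field, so the explanation arrives while the user is still choosing.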
Simplify security in UX design
Ultimately, you’ve hit the sweet spot in security and usability when you’ve built tech that not only works really darn well but also makes security easy. Security shouldn’t be an afterthought in design, but it also shouldn’t make users feel like they’re fighting through it to get what they need to finish the job. HP secure printing solutions don’t just make it easy to print documents super-fast—they also contain embedded security features that actively monitor for threats and respond immediately, even segregating potential threats from your company’s network. Security isn’t just a default or the easiest route; it’s baked into the design of some of today’s smartest products.
By considering more than just a sleek UI and fun design, you can achieve the sweet spot in secure UX design: products that make secure behavior the path of least resistance. By understanding your users, their sophistication, and the fact that no one wants to get hacked, you can encourage secure behaviors and even protect your users.