Security and Usability

Enterprise Mobility

Security and Usability

By Michael Stanford  |  May 12, 2014

Why can't I see my password when I type it in on my phone? My phone is a few inches from my face and nobody is looking over my shoulder. It is extremely easy to hit a wrong letter (or miss a letter, or tap twice by mistake) on a tiny touch screen. The gain in security from hiding the typed password is far outweighed by the loss in usability.

Mobile user interfaces are still loaded with user interface howlers like this. Another is when I am forced to type in without spaces a sixteen-digit number. The human mind is incapable of registering sixteen digits at a glance, so your eyes have to go back and forth from the card to the screen several times as you type the number. So why don't apps and web forms let you type in a credit card number with spaces, the way it is printed on the card? Presumably it started decades ago with one lazy COBOL programmer who couldn't be bothered to add one line of code to strip spaces, and was never questioned since, resulting in man-centuries of cumulative wasted time for users.

Usability and security must often trade off against each other. For example, having to type a password is a massive blow to usability, but some kind of authentication is a foundation of security. People understand this trade-off, and are willing – even eager – to put up with inconveniences in the interest of security. But we are daily faced with pointless inconveniences imposed either to give a false impression of improved security, or because a programmer was too lazy to do the job right, or both.

If you happen to find yourself involved in the design of a user interface, please do the world a favor and refuse to take security as a justification for user interface burdens without a clear and compelling explanation of how real security (as opposed to a feel-good false impression of security) is improved, and weigh this improvement against the increased burden in usability.

Michael Stanford (News - Alert) has been an entrepreneur and strategist in VoIP for more than a decade. (Visit his blog at www.wirevolution.com.)


Michael Stanford has been an entrepreneur and strategist in VoIP for more than a decade. (Visit his blog at www.wirevolution.com.)

Edited by Maurice Nagle
blog comments powered by Disqus