In Praise of Loose Security
Sometimes, what seems the obvious way of dealing with a problem may not be the best solution. For example, it turns out that if you remove traffic controls from busy city centres and rely on peoples’ instinct for self-preservation, you may get better road safety than if you imposed traditional control interventions (see also “shared spaces“).
There may be a lesson here in the design of online account registration and log in for web sites. Most UX designers assume that any user account system they’re designing for requires as much security as possible. Nobody got fired for being too safe. But this is probably bad design practice, for two reasons: it ignores context, and it’s a missed opportunity to start propagating the cultural change that we all need to make when it comes to online security. The latter is surely the ultimate aim of UX design – not only to design individual systems, but in doing so, bring about positive changes to people’s lives.
The first problem with assuming a Fort Knox mentality to registration and signup is that it may be completely inappropriate. If all somebody wants to do is leave a comment on a story about a celebrity’s night on the town, choosing an acceptable name and password pair, responding to email verification and making sure they remember password reset questions are just some of the things they’re expected to navigate. All this is now also likely to take place while having to manage dozens of credentials for other web sites as well. Social login and single sign-on systems like Facebook Connect and Twitter may help a bit, but they too have an overhead all their own. For example, if you choose to use your social media login for a new site, will you remember which one of your Twitter, Facebook, Yahoo! or perhaps Google accounts you used when you come back? How will the site in question use your details? How will they display your account to others? Often it’s a leap in the dark, or too much to consider while you want to get something else done that’s much more interesting.
An example of this issue came up during the redesign of the registration process for MailOnline. It was suggested that we have a password strength indicator on the registration screen (“Because other sites do that”). In the context of creating a MailOnline account, encouraging, if not actually requiring, a strong password that almost by definition means you can’t remember it, seems to me like a classic case of bad design. It also seems like bad business if we need to be encouraging people to comment on articles.
So what about a sign-up experience that allows you to bypass some of the pain? By all means, provide Fort Knox options (two-factor, one-time pads, strength indicators, etc.) – but also provide an option not to have a password at all. Just require an email address. With a verification step in between, you’re good to go. If the account gets hacked, you can opt to set a password, because I have control over my email address. And it’s up to me whether I actually care about somebody posting under my (anonymous) alias about how they love boobs.
But the more interesting part of this is whether no, or low, security options might make people think more about online security in general. Just like traffic-calming measures that turn into a sort of security arms race with drivers ignoring ever more road signs and obstacles, so too with online accounts that habituate people into bad practice (eg passwords on sticky notes). Remove the interventions and people may well wake up and take control of the way they think about their data and the trade-off between security and utility.
If you treat people like babies, they will behave like babies. Imposing high security on everything by default may be an example.