Design for End-User Security

In one of the recent projects I worked on, much of the emphasis was given to ease of use and user satisfaction while working on the hierarchical user experience modules. The application is intended to connect to remote servers, residing as a GUI widget on the user's desktop.

One of the crucial concerns was addressing security in the information architecture and user experience modules. This was never highlighted, as it was regarded as part of the application architecture, or as not in the framework of the user interaction design process then. Often, information architecture tends to focus more on the logical representation of data and content flow, while interaction design tries to achieve ease in accessing desired elements by the end user. Hence user-centered methodology is tightly coupled with logical representation and ease of use in the element hierarchy.

When we reached the usability testing phase, the gray areas popped out, especially when the application was tested with mock user security settings. This gave us the realization that user interface modules need to address the very basics of security and users' expectations and system behaviour. This may not be applicable to soft applications which don't deal with security or have nothing to do with desktop authorization settings, but the aim is to gather front-end user data and understand 'consumer' behavior. The user experience prototypes and models were tweaked to represent the feasibility of accessing security-related settings.

Meanwhile, I found an interesting principle of interaction design in which 'End-User Security' is a prime concern of the user experience module. Though dated, it has some good takeaway tips for designing interfaces for security-focused applications:
It is critical to emphasize that security be perceived as easy to use by users, not designers, software developers, or system administrators. Actual behavior is the only definitive metric for whether users perceive the benefits of security to outweigh the costs. Security must be useful enough to warrant the extra learning time and any additional ongoing effort over using a different system with less security, or using the same system insecurely.
>> Principles of interaction design for security
