Usability Vs Security: which one can you compromise?

Usability or Security: which one wins? Of course Security! Isn’t that a no-brainer? And sure it is true enough in some situations but, not always. You’ll see instances that display a different view.

It was a lazy Saturday night. We had just finished dinner and had been watching a movie on the television, and were about to hit the sack. And all of a sudden, our security alarm goes off. We were certain nobody had barged in, double checked, the doors were bolted and everything looked just right. The alarm is constantly beeping, it is really annoying, and especially at that untimely hour of the night, you wouldn’t want to take care of some pseudo alarms. We bravely managed to open up that little equipment mounted on the wall to see if we can figure out a fix. There is a keypad, only if we knew what numbers had to be punched. And there of course was no way to call up the apartment authorities at that hour. So we had to endure it for an excruciating thirty long minutes! There wasn’t anything that would in any remote way help us figure out what had to be done to fix it. There wasn’t any visible control to temporarily disable it, so that atleast we could turn the system off for a while. Unable to take it any longer, my friend yanks the cord! Silence prevails at last. It’s been silence from that eventful day. We haven’t fixed the security system yet. So all you burglars out there, you’re welcome to stop by and we won’t even know!

No system is flawless. In the earlier mentioned real-life experience, what I was trying to demonstrate is the fact that usability is as important a component in the overall design of any system and in this case it happens to be a security system. Had the security system accommodated some usability element in it, atleast we wouldn’t have damaged the system.

Shopping for a book…
I go to an online e-store to purchase a book. It’s a very reputed website, boasts great security features that I don’t have to think twice to use my credit card. But, I need to shop first. How easy is my shopping experience going to be? Will I be able to easily spot that book I was looking for? Will I be able to easily add my book to my online shopping cart and proceed to actually place the order?

I enter the e-store. It gives me a warm welcome. The layout is neat and clean and uncluttered, the colors are very refreshing, while being professional. The menus occupy prominent position, although not loudly proclaiming their presence. I can easily locate the search feature to look up the e-store for my book. It also has the browse feature for browsing through the store’s catalog (a feature that a casual browser might appreciate). I choose to use the search feature and I get to this new page that displays the results and also suggests books that I might be interested in, based on the one that I typed in. Well, I choose to just go ahead and buy my book, so proceed to adding it to my cart. It takes me to this new page with the secure icon at the taskbar (which informs me that I’m about to enter the secure segment) It is a one step process. I fill out my contact information and then enter my credit card information and I’m done. The next page confirms the particulars of the order and one more click, and my order is processed. The most important feature was the help icon in the page to assist me if I get stuck in the process. A telephone number to talk to a support personnel if need be, was also listed.

Compare the above experience with what it might have been if the first few steps were a little different. Here is another website, which is none the less secure, has great and maybe even better security features. But, unfortunately, my shopping experience is not going to be the same. I enter the website. I wait and wait and wait…I don’t see anything loading up…after 30 seconds of waiting (which is sure a long wait time on the web), I see segments of the page load up. The page is filled with tacky graphics, animated logos (yes its plural), adorning the edges of the screen space and colors that are remotely related to one another. And in the midst of this graphic clutter, is a navigation clutter. Every text on the page is vying for attention! Everyone’s yelling and there’s absolute cacophony. I’m trying to locate the search box to see if I can find my book. But, forget finding my book, I can’t spot the search box. Added to this is an annoying background music, which I have no way of turning off. Whoever ‘designed’ the page might have started with the novel idea of giving the users a ‘complete multimedia experience’…sound, images, animations and sure enough they had all of it, excepting in the wrong blend. Finally, unable to locate the information I want, I abandon the website. End of the story and my shopping experience.

How good was the security system without a meaningful usable User Interface? Sure security is important, especially on e-stores, but how good is it when you shoo away users at the portal? This is just one example of a situation where a compromise on usability would mean losing potential customers. Sure, you need security for someone to actually make a purchase, but if they can’t browse in the first place, how would they even think of a purchase? Atleast, if the person can browse through your e-store and if the person still doesn’t trust the best secure transaction you designed, he/she can call up the support personnel and place the order over the phone. But, all this is possible only if he/she can browse in the first instance. Research has also found that longer the time a person spends in a store, the possibility of the person purchasing increases. This just reinforces the point that Usability is not something that can be compromised.

Behind the screen…
Usability is not always a key factor, especially when it comes to behind the screen functions which the user in the first place doesn’t come into contact with. For example, the computer’s automatic security update only needs to inform the user that updates are being performed. Beyond that, any further information is not essential. Exposing the intricacies of the process would only lead to confusion. Also, in some instances, making the UI hard to read can keep those curious users from wrecking damage to their own machine without their own knowledge. So, in certain cases, security is best kept when it is shielded by a non-penetrable interface.

Finally…
In situations where the security system has to converse with the user, for it to be used, Usability is as important as the security system itself. A question of compromise doesn’t arise in these situations, as the whole reason for the existence of a security is nullified, if it isn’t usable or understandable enough for anyone to be able to use it. But, in situations where the security functionality, is behind the screen functionality that doesn’t require any interfacing with the users, sure, usability design isn’t a key factor. But, anytime, a system flaws, it has to inform the user in a language that the user would understand devoid of any technical jargon.

Security and usability are parts of a whole. They have their specific places in the whole and each has to perform its task well enough for the entire system to work well.

How good is a wonderful piece of article written in an unintelligible handwriting? Isn’t the whole purpose invalidated? I leave it to you to think about it.