Security by Design and Better User Experiences
“123456.” That’s the most popular password of 2020, according to NordPass. Skipping down the list, the fourth most popular is … “password.” And it takes less than a second for a bad actor to crack them.
People choose easy (and compromisable) passwords because it’s difficult to remember complicated ones. In response, websites and applications mandate increasingly convoluted password requirements, which makes passwords even harder to remember. So what’s a user to do? Write it down somewhere? Save it in a document on the computer? Email it to themselves? As users try to cope with unnecessarily complex security measures, their workarounds can end up creating opportunities for compromised security.
Instead of setting up users to fail by imposing overly complex security measures, organizations should be rethinking how cybersecurity is implemented from the start. By applying the principles of design thinking to cybersecurity, companies can make their products and services more secure, easier, and more convenient to use. Writing in Forbes, Rajat Mohanty states that systems should be designed to take into account the needs and behaviors of actual users:
This design thinking principle fits naturally into information security. After all, nearly 90% of breaches are caused by negligent user behavior. Design thinking tells us to seamlessly blend cybersecurity controls into a user’s environment and to pay particular attention to smoothing out any complications or personal considerations that might complicate adherence. It takes these concerns seriously and designs a solution that corrects them, instead of wishing users would just follow technically perfect security controls that never survive contact with the real world.
Addressing the needs of employees, customers, and other stakeholders during the design process will improve the product. Most users would say that taking the pressure off of them to keep track of dozens of passwords would be a definite improvement. There are alternatives, including two-factor authentication through a PC or a smartphone, fingerprint recognition, and even facial recognition.
The time to implement well-thought-out security features is not during the crunch to finish a product. Designing for security should start at the beginning of development, not be addressed by tacking on features at the end. Ultimately, developing the product with security in mind also saves money. It’s more expensive to tackle and solve security problems late in development.
It’s not just products that can be designed to be more secure. Businesses can benefit from designing onboarding and training processes to improve cybersecurity. Our blog post, A Positive Guest Experience Starts with Promising Secure Data, notes that more than half of breaches reported were related to phishing attempts, resulting from cyber-criminals stealing an employee’s credentials through a spoofed email. It’s important for new and existing employees to be better trained to recognize and report suspicious emails.
Ultimately, designing with security and the user in mind produces safer, easier-to-use products and systems. It improves the customer experience, benefiting everyone.