Security by Design and Better User Experiences
“123456” is the most popular password of 2020, according to NordPass. Skipping down the list, the fourth most popular is “password,” and it takes less than a second for a hacker to crack them.
People choose easy passwords because it’s difficult to remember complicated ones. In response, websites and applications mandate increasingly convoluted password requirements, which makes passwords even harder to remember.
So what’s a user to do? Write it down? Save it in a document on the computer? Email it to themselves? When users try to cope with unnecessarily complex security measures, they create opportunities for security to be compromised.
Instead of setting up users to fail by imposing overly complex security measures, organizations should rethink how cybersecurity is implemented from the start. By applying design thinking principles to cybersecurity, companies can make their products and services more secure, easier, and more convenient to use. Writing in Forbes, Rajat Mohanty states that systems should be designed to take into account the needs and behaviors of actual users:
“This design thinking principle fits naturally into information security. After all, nearly 90% of breaches are caused by negligent user behavior,” maintains Rajat. “Design thinking tells us to seamlessly blend cybersecurity controls into a user’s environment and to pay particular attention to smoothing out any complications or personal considerations that might complicate adherence. It takes these concerns seriously and designs a solution that corrects them, instead of wishing users would just follow technically perfect security controls that never survive contact with the real world.”
Addressing the needs of employees, customers, and other stakeholders during the design process will improve the product. Most users would say that taking the pressure off them to keep track of dozens of passwords would be a definite improvement. Some alternatives include two-factor authentication through a PC or a smartphone, fingerprint recognition, and even facial recognition.
The time to implement well-thought-out security features is not during the crunch to finish a product. Designing for security should start at the beginning of development, rather than being addressed by tacking on features at the end. Ultimately, developing the product with security in mind also saves money. It’s more expensive to tackle and solve security problems late in development.
It’s not just products that can be designed to be more secure. Businesses can benefit from developing onboarding and training processes to improve cybersecurity. In our blog post, “A Positive Guest Experience Starts with Promising Secure Data,” it’s noted that more than half of breaches reported were related to phishing attempts, resulting from cyber-criminals stealing an employee’s credentials through a spoofed email. It’s essential for new and existing employees to be better trained to recognize and report suspicious emails.
Ultimately, designing with security and the user in mind produces safer, easier-to-use products and systems. It improves the customer experience, benefiting everyone.