Why Web Security and UX Should Compliment Each Other
Let’s talk about web security and user experience (UX). This article is originally from Speckyboy Design Magazine. About the author: Harlon Agsaoay is a blogger, he works currently a Content Specialist for HostingFacts.com and Websitesetup.org. Image courtesy of Sentavio via Bigstockphoto.
With the resurgence of popularity and notoriety of hackers in recent years, it seems that web security has become more imperative than ever. You may not think at first that your little website could be the target of hackers, but you may be surprised that a lot of websites do indeed get compromised when their proprietors disregard security due to that assumption. Therefore, it is certainly in your interest to tighten up your website’s security while it’s still early.
But the thing about web security, especially in platforms like WordPress, is that while it may seem that all you have to do is to lock everything down and make everything airtight, an unfortunate consequence of this could be making your website less user-friendly. This is a legitimate concern, especially if using your website requires account registration. If the web security actually impedes users from doing certain things, then that could be enough for them to just give up and not come back since online users can actually be that fickle.
Therefore, it’s imperative to make sure that the web security and user experience (UX) of your website be complimentary to each other so that you can have it both secure and user-friendly at the same time. The best of both worlds is indeed possible, but only when you know what to look for.
The Concern Regarding Identity Theft
The biggest concern with web security is identity theft. It’s especially important for eCommerce stores wherein financial information is readily available for criminal elements to steal and exploit as they wish if there are no walls and fences to keep them away from it.
That usually means passwords and other secure gates to safeguard accounts, but hackers do have ways around the usual stuff. That’s where a lot of the sophisticated web security methods come in.
Simplicity Amid Sophistication
In order to have those measures in place while still maintaining a good user experience, you have to make the system as simple as it possibly can. Reduce what needs to be done to use the website, organize whatever remains in place, and prioritize the most common choices and emphasize the most important information. By doing these three things, you can offer the most optimal user experience while still keeping the website secure.
Improving on the website’s UX with web security in mind also means working with what you already have as best you can. The good thing here is there’s no need to think that good security comes at the cost of good design as both can indeed coexist. The aforementioned second step—organize—is crucial to this end as it’s simply about rearranging what you have to be easier to use while still putting up the security necessary for the website.
Have the account registration and login be in roughly the same place while still being separate enough so that users understand where to register and where to log into their accounts. Make sure that the registration and login pages are as basic as you can get them so there are no distractions, as well as points of entry that hackers can take advantage of. By keeping these pages fairly simple, you can have fairly good UX without rendering your security weak.
Login and Password Recovery
There’s the issue of entering passwords and what happens when users happen to have lost them. Of course, there has to be some mechanism for recovering an account when unable to log in with a password, but do note that this is where hackers can take advantage of holes in the method of account recovery.
There’s emailing the admin to change or give the password, but that would be tedious on your end and be susceptible to social engineering. There’s also the “Forgot Password” that lets you either change or recover your password via email by answering a secret question or so on, and it works for most websites. However, if you really want full-on maximum web security, then there’s systems like two-factor authentication. That does require quite a bit of setup, but the good thing is that it can be incorporated into your UX without too many problems.
The problem with two-factor authentication is that while it does indeed increase your security and help make users feel secure (there are a lot of users who like this method), it also poses another roadblock in the login procedure. If the entering of whatever is provided by two-factor authentication is more tedious than just receiving a notification and entering whatever code is received, then it will start feeling really tedious and can detract from the UX.
Sensible and Accessible Design
Good design sense can indeed help you meld web security and UX together. Having readable typography that users can read clearly, content and images laid out in an organized and uncluttered manner, media that doesn’t obstruct everything else, and so on. Having a well-designed website lets users get to the important parts easily without having to stare at the screen with eyebrows raised and mouth wide open.
Another reason for having web design that is well-crafted is that everything would look more professional, thus making users feel more secure as it looks like something created and maintained by people who know what they’re doing. If the website looks more like something that harks back to the 90s, then people will think that the web security also comes from that era and won’t feel that safe using it.
Web security reassures users that their information will be kept safe, which is especially important for eCommerce sites wherein personal and bank information are entered regularly. You could just patch up all the holes so no unscrupulous element with bad intentions can get in, but regular users should still be able to easily access their accounts at the same time. Both are needed at the same time, which is where the challenge comes from.