Good UX Means Good Security

Part of a truly amazing user experience means paying close attention to security. Users know when their accounts are being properly taken care of, and that creates trust.


User experience goes far beyond pretty buttons and guided onboarding flows. It starts with the very first interaction your user has with your brand and it never actually ends. Not even after they decide to leave your service and ask for their account to be deleted. Far from it. UX is often thought of in the design sense, but it’s really about customer success.

“Upgrade your user, not your product. Value is less about the stuff and more about the stuff the stuff enables. Don't build better cameras - build better photographers.” Kathy Sierra

Customer success can take on many forms. But at its core, it’s about enabling customers to use your software or service to realize their goals. As the saying goes, “upgrade your user, not the product”. It’s never been more true, but in order to do that, the user must know that they’re safe. This isn’t just having security protocols in place, but going out of your way to make sure the user feels safe.

UX as Reassurance

Imagine for a moment that you’re designing the user experience of buying and owning a car. There’s so much that goes into it, from getting a quote online to visiting the dealership, test driving the car, making the purchase, and eventually the experience of actually driving the car (or living in the back seat of it, if times are tough). There are literally hundreds of unique pieces that comprise the end-to-end experience, from first exposure to the car (e.g. a TV commercial, seeing it on the road) to the process of finally parting ways with it (e.g. selling the car, or returning it to the dealership if it’s a lease). Somewhere in that vast expanse of interactions exists an extremely important component: safety. Not just the actual safety features themselves, but the perception of safety. How safe do you feel behind the wheel of that car while traveling on the highway with 2 kids in the backseat? This important distinction can profoundly affect the purchasing decision of a particular model or brand.

And it’s no different for software, especially for services that store very private information, financial data or credit cards. Users need to know that their information is being handled with care and that’s a big piece of the user experience that isn’t often front and center to the user.

When Shit Hits the Fan

The last email you ever want to send is the one telling your users that their account has been hacked. Not only does this irrevocably damage your brand, but it breaks trust with your users. Trust is a key piece of any user experience. Can I trust that a service I use will be around for a long time? Can I trust that they’ll keep my information safe? If I can’t trust the way they handle their security, how can I trust them with other parts of the offering?

Trust is a cornerstone of UX, and being very up front with users about the security measures you take provides that crucial reassurance. For example, when an app forces you to enable two-factor authentication, it often feels like a chore to set up and can be a cumbersome process. It can be straight-up annoying sometimes to the average user who doesn’t fully understand two-factor authentication. But when a company asks you to do this, it shows that they care about security and are willing to hurt their own conversion metrics to decrease the likelihood that your account gets compromised.

Now more than ever, the risks associated with poor account security are growing. COVID-19 has ramped up remote workforces, making inroads for cyber attacks much easier than ever before. According to ID Theft Resource Center, there were 11,762 recorded breaches between January 1, 2005, and May 31, 2020. And keep in mind, 95% of all cybersecurity breaches are caused by human error (Cybint). So the big question is, how do we protect our users from themselves?

Building a UX That Empowers the User Through Protection

It’s one thing to build a moat around a city, but it’s another to arm its citizens or train them to protect themselves. With userbases of all different sizes, we need solutions that empower the user to protect themselves. This needs to be relatively easy to set up, ideally mostly invisible to the user (after initial setup) and actually effective. While two-factor authentication isn’t always a viable solution, companies are finding other ways to let their users know their accounts are secure.

Account Confirmation

Most services today will ask you to confirm your email upon signup. While this feels a bit like a nuisance at first, it’s an important step in keeping your account secure. It’s not difficult for someone to create an account using your email and then do things on that account that you would never do. Even nefarious things that could land you in trouble. When brands ask you to confirm your email, remember that they’re doing this for both your and their safety.

Slack Email Confirmation

Suspicious Login Notifications

We know a thing or two about this one. In the absence of two-factor authentication, a great way to protect your account is by notifying you of any suspicious activity. This includes logins that happened under other-than-normal circumstances. Sometimes a user will log in from a strange location (other than one they normally log in from) or from a device that isn’t recognized. Major social networks send these notifications out quite frequently, because attempts to take over accounts are so common. Once someone has access to your account, they can change your password fairly quickly and you won’t be able to get into your account anymore.

Instagram Login Detection

When a company sends you this email, it’s intended for very technical reasons, but it has an amazing UX side effect. It lets you know that this company is taking good care of your account and that your access is kept safe. As part of the entire UX picture, this creates a trust with the brand that goes beyond simply saying “Don’t worry, we’re secure”. The email notification itself creates reassurance and proves the service cares because they actually took the time to send you this important notification.
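
The check behind such a notification can be sketched as follows. This is an added example, not code from this post or from any product it mentions; the Login fields, the device ID and the GeoIP-derived country are assumptions, and the login events are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Login:
    user: str
    device_id: str  # assumption: stable ID from a long-lived device cookie
    country: str    # assumption: resolved from the source IP by a GeoIP lookup

class SuspiciousLoginDetector:
    def __init__(self):
        self.known = {}  # user -> {"devices": set(), "countries": set()}

    def trust(self, login):
        """Record a device/location as normal for this user."""
        seen = self.known.setdefault(login.user, {"devices": set(), "countries": set()})
        seen["devices"].add(login.device_id)
        seen["countries"].add(login.country)

    def check(self, login):
        """Return reasons to notify the user; an empty list means a normal login."""
        seen = self.known.get(login.user)
        if seen is None:
            self.trust(login)  # first login: nothing to compare against yet
            return []
        reasons = []
        if login.device_id not in seen["devices"]:
            reasons.append("unrecognized device")
        if login.country not in seen["countries"]:
            reasons.append("new location")
        # A flagged login is NOT trusted automatically; otherwise an attacker's
        # second login would look normal. Call trust() only after the user
        # confirms "this was me" from the notification email.
        return reasons

def run_sample():
    """Replay constructed login events and collect the reasons for each."""
    d = SuspiciousLoginDetector()
    laptop = Login("alice", "dev-laptop", "US")
    stranger = Login("alice", "dev-unknown", "RO")
    phone = Login("alice", "dev-phone", "US")
    results = [d.check(laptop), d.check(laptop), d.check(stranger), d.check(stranger)]
    results.append(d.check(phone))
    d.trust(phone)  # user clicked "this was me"
    results.append(d.check(phone))
    return results

if __name__ == "__main__":
    for reasons in run_sample():
        print(reasons or "ok")
```

The unconfirmed login keeps producing a notification on every attempt, while the phone stops being flagged only after the user confirms it.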

Account Privacy Checkups

A great practice for keeping accounts secure is doing security "checkups". Google is famous for this and will constantly nudge users to make sure their account is easily recoverable and all security features are enabled. They often prompt users about this right after logging in or even via email at some point. An email from them asking you to keep up your security hygiene is a very nice reminder that Google does in fact care about your account security and takes it seriously.

Google Privacy Checkup

To Conclude

A safe and reliable experience builds the foundation for a great UX. It creates reassurance for users and customers and also makes it possible for them to reach their goals. Every measure taken might mean a bit of extra effort, but when all put together, it keeps your users protected from the growing threats that exist online today. Layering security measures and making your users fully aware of them creates a long-lasting trust that won't be easy to break.

Let your users know you care.

Secure your users' accounts with a few lines of code.