Why better security requires better UX
The current state of internet security, which requires everyone to juggle multiple passwords and logons, makes password-protected systems inherently insecure. This recent post on Techcrunch, worth reading for its amusing meme alone perhaps, might be attackable on technical grounds – and indeed, it gets heavily whaled on in the comments field – but makes an important point.
‘[Having] multiple applications in use across various platforms … means we are forced to remember far too many passwords. This causes people to use silly ones like 1234 or the same password across multiple sites, not even attempting to be secure.’
To put it another way, making things easier for users makes a system more secure.
Apparently, the average person has 17 personal passwords and 8.5 work passwords (though I’m not sure how much use 0.5 of a password would be to anyone). Perhaps I am out of the average, but a quick count-up of my own accretions makes 24.5 passwords seem like a conservative estimate.
My password manager app holds about 120 logins, and then there are a whole bunch that are only in my Apple Keychain, others I have (painfully) memorised because they’re too important to write down, and less critical ones that I’ve scribbled down at various times on post-it notes and stuck to my desktop, notice board, fridge or to the foreheads of passing offspring who want to use my Netflix account.
Clearly in my case, the situation is out of control. However, I can’t really be that atypical in finding access management a major source of pain at work, and it is certainly the case that specific categories of professionals face particular difficulties.
Researchers being a case in point.
Scholars of all stripes have particular UX issues with access management, not least those involving institutional logins around remote and mobile access. Making things easier for such users has many benefits, as publishers are increasingly coming to realise – but the user experience (UX) difficulties around access management undoubtedly deserve more emphasis.
Here, with security, is a clear example of UX benefits aligning with business benefits. Improving security is just one of the reasons that HighWire champions single-sign-on access in its publisher sites, and has made it a key part of the company’s forward technology vision.