Monday, February 11, 2008
Can UX be a Boomerang?
I kept thinking about the Jared's point of view about another security -vs- user experience trade off.
In this case, Jared stands that you can't require the same security for a "Magic tricks Forum" and for a "Bank website". I agree with that. I really hated when Mingle asked me for an ultra secure password for a trial version I wanted to use in my network. Everyday I wanted to login into the system I had to try several password... Well, at least I was feeling lucky® they decided no to block my account in the process :)
However, I think you can't put everything in the same bag. He was using this argument to say that applications should specify what was wrong when the login has failed (was it the username or the password?). The usual behavior is a message similar to this one: "Either your username or password is wrong, try again! Did you forget your password? ".
This kind of messages goes against the UX because it's imprecise. If you are more precise you can help him (and others trying to log in) to solve the problem. But, it's also true what me and others argued about how we -as users- manage usernames and passwords everyday. To make it short, users have the same passwords and usernames all over web, in different sites. I do that and many people I know do also. Ok, my bank web site password is not the same that the blogger's one.. but I cannot be sure about other "not-critical" sites. I can't even remember all the sites I am registered in!!! Can you?
The point is: can you forget security issues if you are designing the "Magic tricks Forum" when you know it is the actual behavior of your users? Lets put it in another way. What happen if some of your user's account is hacked (sometimes all they need is the username because it's a valid email), and this information is used to steal more important data of him in other site? Ok, it's not totally your guilt, but, couldn't you avoid it? Can you just blame your user because of his uninformed behavior? I don't think so. How will your user feel about your site? Do you think he will just guilt himself or will your site also pay the penalty? The second one is more probable and for sure your team will look incompetent.
You know, sometimes UX is indirect. You can just try to improve it but you may end provoking a terrible headache for your user in name of it. Although in this case you may share the guilt with your user, if something happens, you can be sure you will pay for it because -as always- bad UX has more publicity.
If I were you, I would stay defensive to avoid boomerangs.
Labels: Internet, Technology, Usability, UX
