Why Mobile Security Relies on a Great User Experience
August 30, 2017 No CommentsFeatured article by Cher Zevala, Independent Technology Author
There’s no doubt that mobile security is a significant concern for individuals and for businesses. In the age of BYOD, organizations simply cannot ignore the risks that come from individual devices — and even consumers themselves are beginning to realize that their beloved smartphones and tablets are a target for cybercriminals. However, as mobile security has become a priority, so has the perception that it takes precedence over everything else, including usability. That’s not to say that user experience is more important, but most developers have struggled to find balance between the two.
The result, as you might expect, has been a battle between the two concepts. In other words, developers by and large have determined that you can only have one or the other. Want a great UX? Then you might have to give up some security features. Is security more important? Well, then you can expect the UX to suffer, and it to be just a little bit more difficult for people to access and use your product.
It’s becoming increasingly clear, though, that this is a false dichotomy. It is actually possible have both a great UX and effective security. In fact, some might argue that to have effective mobile security, you should create a great user experience.
Why User Experience Kills Security
For most mobile device users, security is a concern, but not as important as accessing the information and apps that they need and want. Ask yourself: Do you sign out of your apps before you close them on your mobile phone? If you’re like most people, the answer is probably no. Very few people log out of their email, social media, or other accounts before they close the app, making it easier to log in next time.
This is all very convenient, but what happens if your device is stolen? If your phone is not password protected, the thief immediately has access to your entire life. Even if you did log out of your apps, if you have your credentials saved, a thief can access everything with just a few taps.
Now, the knee-jerk response to this issue is to make it impossible to remain logged in (which some apps do, automatically timing out and closing when a user doesn’t do anything for several minutes) but for many users, this is unacceptable. Having to log in, or reconfirm your identity every single time you want to check email or send a text can become annoying. More importantly, as some security experts have pointed out, by creating extra “hoops” for users to jump through any time they need to access information, you are only increasing the chance that they will find a different way to accomplish their tasks – and in many cases, these workarounds create greater security risks. In short, if security has a significant impact on the usability of an app or device, it’s going to eventually make the system less secure.
Finding the Balance
Maintaining mobile security requires finding a balance between security and usability. Ideally, users would never have to authenticate their identities or log in to their apps, and could access whatever they need, whenever they need, without any extra steps. And ideally, hackers would never go after data.
Obviously, we don’t live in this ideal world, so Android security is a must. The question, then is how to achieve that security without annoying users to the point that they either look for a workaround, or forgo using an app or device altogether. Some of the ways this is being accomplished is by addressing the four C’s of user experience: Convenience, Customization, Context, and Consistency. In more practical terms, this includes:
– Moving away from username and password conventions toward biometric and token-based authentication
– Considering the actual needs of the user, and designing a security experience that is seamless and non-intrusive
– Designing security systems that are clear, use easy-to-understand language, and have adequate help options and tools for advanced users, while still being easy for novice users
– Adding layers of encryption
When developed with the end user in mind, these security measures can feel seamless and in some cases, improve the overall user experience.
The risks to mobile security cannot be overstated, but protecting against them doesn’t have to mean that it’s difficult to use a device or app. It’s time for developers to consider both security and experience, to reduce risks and improve customer satisfaction.