Bad UX Design Always Leads to Compromised Security

Written by

According to Jared Spool; writer, researcher, and founding principal of User Interface Engineering, “If it’s not usable, it’s not secure.” That is, if you put protections in place on your website and app, but it’s not intuitive to the user (like a randomly generated password they must remember), it will indubitably become insecure.

A great example: Kanye’s infamous all-zero passcode to unlock his smartphone device. The passcode system isn’t usable so customers resort to shortcuts, therefore, it’s not secure. As such, we’ve seen smartphones switch from passcodes to touch ID and facial recognition and by improving the user’s experience, they have significantly improved security.

Great UX fosters loyalty
User experience designers are tasked with solving the issues that plague so many websites and apps. They need to make a tangible experience out of an intangible product. When you go into a clothing store, products are placed so that you have a clear sales journey. You start at the entrance where new arrivals and sales greet you. Then, invariably, a sales rep guides you through the store, highlighting items that need to be moved, popular items, and then upsell you by the cash register with accessories.

UX designers make a digital journey, with the help of user interface designers, feel as real as possible; directing users clearly and concisely from start to finish. This greatly increases brand loyalty, creates a feeling of trust, and promotes a perception of quality. This creates a frictionless experience that is less likely to result in irrational or emotional reactions rooted in frustration and confusion.

Poor UX design is easy to copy
Poor UX carries far more severe consequences than bad taste and an odd color palette. A site that responds poorly to the user and barely functions looks fundamentally the same as a site intended for phishing. 

Phishing attempts, or attempts to gain coveted data through faux messaging, commonly resemble those sites that look thrown together in a back alley on a dare. 

Avoiding this symmetry requires that your UX should be designed in a way to evoke legitimacy and security. Not being able to distinguish between the less than magnanimous and the companies that provide actual services would be a nightmare for the consumer. Instead, designing a high-quality UX site will lead to safer operations for both you and your consumer. 

Typically, websites with frequent glaring spelling errors are spoof sites dedicated to extracting unsuspecting user information. Correct grammar and sensible placement of your buttons with uniform font and type are essential in promoting an identity of trust. 

However, there are those sites that offer actual services but have copy that is either cheaply produced or overly boilerplate. It is always worth spending the time to check your site for spelling and content errors that indicate anything other than legitimacy. 

Responsive sites with branded content are much harder to mimic
Ideally, your UX is such that a user could easily spot a cheap imitation or malicious spoof. Along with responsiveness and spacing, the branding of the site matters just as much when taking UX into account. 

Consider the UI of a site: when the branding for the company is finally agreed upon, the design of the interface will directly reflect that brand. The same is true for the UX, users should be able to come to your site and gain an understanding of your brand's mission just by exploring the site. 

A site that doesn’t overtly convey its branding is much easier to mimic and therefore spoof. A strong brand that is consistently reinforced throughout the site will stick with users longer and will make your brand a trusted entity. 

Un-optimized design frontloads security measures. 
Password information is asked immediately. Authentication is immediately required. While you may think this is the most secure policy, it invites unnecessary risk. 

This kind of policy makes users more susceptible to identity theft. Imagine while you’re browsing through products on an e-shop and you’re immediately asked for credentials. If these credentials were to auto-fill, onlookers could easily steal that information. 

Sensitive information should be saved for the end of the user journey. Ease of use and security are both benefitted as a result of increased privacy and less burdensome experience.

Risk reduction is built into a good user experience. Options are easy to understand. Navigation is easy. Unnecessary information is excluded. Users are not forced to log in until it is necessary. Ideas are communicated clearly and concisely. There’s no question about the action the user is taking.

When you make things with the user in mind, you create experiences that are free of frustrations and therefore free of loopholes, shortcuts, and security flaws.

What’s hot on Infosecurity Magazine?