Author: Scarlett Sidwell
In my previous article, I discussed the outstanding user experience Universal Studios provides to its customers while maintaining an extremely secure, well-monitored amusement park. It was literally a use case on how to integrate security into an overall satisfying customer experience. There is no reason why this should not be applicable to the virtual world as well. So today, I’m going to discuss one of the most critical user experience issues in security, and how it can be improved: Account Registration.
Account Registration is an extremely critical activity on many websites. In most cases, it has a direct impact on a company’s conversion metric and given this, such an activity needs to be frictionless. But, this is rarely the case. To make things as easy and user-friendly as possible, we need to focus on improving the following areas:
Unique Usernames
We are often asked to provide a unique username for a new account. This process needs to be as smooth as possible. However, companies often place a ridiculous number of restrictions on what usernames can be:
Between 6 and 12 characters
An upper case letter
A lowercase letter
A number
This does not help the user choose a username that they are likely to remember. Quite the opposite, as a matter of fact! It forces them to create weird usernames that are often not in natural language, mean nothing to them personally and aren’t even close to anything they might be using elsewhere. That means they constantly click the “Forgot Username” link when they log in, or that they don’t log in at all.
The sad fact is, most users already have an email address, which, in itself, is unique. So why place these ridiculous restrictions on users? Allow them to enter a unique username or email address to create their account.
Or, for an even better experience, allow them to log in with their Facebook, Twitter, or Google login credentials. This practice has become common enough that people now expect that option.
Password Restrictions
The most frustrating thing that can happen when a user tries to create a password is to receive a vague message that the password entered isn’t good enough. Something like “Invalid Password!”, or “Not a strong enough password”. If the user isn’t told exactly what is wrong, how can they correct the issue? And, if a password for their account can’t be created, then they can’t complete the registration process, which is again a loss for the company’s conversion metric.
So it’s always a good practice to tell your users the rules and regulations for creating a password: minimum length, what character combinations are required, what characters are not allowed, and the maximum length if one exists. Even better, inform the user of the criteria they are meeting as they type, so they know when the criteria have been met.
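
One way to give that per-rule feedback, as an added example that is not code from the original article: a single policy object drives both the rules shown up front and the checks run on every keystroke, so the two cannot disagree. The policy values and the element ids `password` and `password-rules` are assumptions.

```javascript
// Added example; the policy values are assumptions for illustration.
const POLICY = {
  minLength: 10,
  maxLength: 64,
  requiredClasses: [
    { id: "lower", label: "a lowercase letter", pattern: /\p{Ll}/u },
    { id: "upper", label: "an uppercase letter", pattern: /\p{Lu}/u },
    { id: "digit", label: "a number", pattern: /\p{Nd}/u },
  ],
  forbidden: { label: "no spaces", pattern: /\s/u },
};

// Build the rule list once, so the rules displayed to the user and the
// checks applied to the input come from the same source.
function buildRules(policy) {
  const length = (pw) => Array.from(pw).length; // code points, not UTF-16 units
  return [
    { id: "min", message: `At least ${policy.minLength} characters`,
      test: (pw) => length(pw) >= policy.minLength },
    { id: "max", message: `No more than ${policy.maxLength} characters`,
      test: (pw) => length(pw) <= policy.maxLength },
    ...policy.requiredClasses.map((c) => ({
      id: c.id, message: `Contains ${c.label}`, test: (pw) => c.pattern.test(pw),
    })),
    { id: "forbidden", message: `Contains ${policy.forbidden.label}`,
      test: (pw) => !policy.forbidden.pattern.test(pw) },
  ];
}

// Return every rule with its current status, never a bare pass/fail.
function evaluatePassword(pw, policy = POLICY) {
  const checks = buildRules(policy).map((r) => ({ id: r.id, message: r.message, met: r.test(pw) }));
  return { ok: checks.every((c) => c.met), checks,
    unmet: checks.filter((c) => !c.met).map((c) => c.message) };
}

// Browser wiring: redraw the checklist as the user types (assumed element ids).
if (typeof document !== "undefined") {
  const input = document.getElementById("password");
  const list = document.getElementById("password-rules");
  if (input && list) input.addEventListener("input", () => {
    list.replaceChildren(...evaluatePassword(input.value).checks.map((c) => {
      const li = document.createElement("li");
      li.textContent = `${c.met ? "✓" : "✗"} ${c.message}`;
      return li;
    }));
  });
}
```

The server should run the same `evaluatePassword` on submit, since client-side checks are only a convenience for the user.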
reCAPTCHA
Most of you know reCAPTCHA is the tool provided by Google to detect whether a user is a malicious bot or a real person. Most probably, the reason you remember reCAPTCHA is that the original version was painful. Your users would have to look at grainy photos of warped letters and numbers, trying to decipher what they said, so they could complete your form. Although improvements have been made to this technology to make things more user-friendly, it can still be pretty annoying and frustrating.
Try to avoid using this technology, and other similar technologies as well. There’s no doubt in my mind that, as an industry, we need to find better solutions to these problems. We can create tools that measure the speed at which we type. We can implant hidden fields to trap bots. There are probably many innovative solutions out there that can be explored. The only thing required is to focus on user experience and make that investment.
Addressing these three issues is not going to completely alter our user experience to the level seen at Universal Studios. However, it’s a significant step in the right direction. Too often we let these little things slip by because “if it’s security, it’s not going to be a great experience”, but trying to improve and change our mentality about security can yield several important benefits.
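
The hidden-field and typing-speed ideas from the reCAPTCHA section can be combined into a server-side check that real users never see. The sketch below is an added example, not code from the original article; the field name `website`, the thresholds and the verdict names are assumptions and would need tuning against real traffic.

```javascript
// Added example; field names and thresholds are assumptions, not tuned values.
const HONEYPOT_FIELD = "website";   // hidden from people with CSS; bots tend to fill it
const MIN_FILL_MS = 2000;           // a whole form completed faster than this is suspect
const MIN_MEDIAN_KEY_GAP_MS = 30;   // sustained typing faster than this is not human

function median(values) {
  const s = [...values].sort((a, b) => a - b);
  const mid = Math.floor(s.length / 2);
  return s.length % 2 ? s[mid] : (s[mid - 1] + s[mid]) / 2;
}

// submission: { fields, renderedAt, submittedAt, keyTimes }
//   renderedAt should be issued and remembered by the server, not trusted from the client.
//   keyTimes: keydown timestamps (ms) recorded in the page for the visible fields.
function assessSubmission(submission) {
  const { fields, renderedAt, submittedAt, keyTimes = [] } = submission;
  const signals = [];

  if ((fields[HONEYPOT_FIELD] || "").trim() !== "") signals.push("honeypot_filled");
  if (submittedAt - renderedAt < MIN_FILL_MS) signals.push("submitted_too_fast");

  const typedChars = Object.entries(fields)
    .filter(([name]) => name !== HONEYPOT_FIELD)
    .reduce((n, [, value]) => n + String(value).length, 0);
  if (typedChars > 0 && keyTimes.length === 0) {
    // Password managers and paste also produce this, so it is weak on its own.
    signals.push("no_keystrokes");
  } else if (keyTimes.length >= 5) {
    const gaps = keyTimes.slice(1).map((t, i) => t - keyTimes[i]);
    if (median(gaps) < MIN_MEDIAN_KEY_GAP_MS) signals.push("typing_too_fast");
  }

  // The honeypot is decisive; the soft signals only trigger a step-up
  // (for example an email confirmation) when two or more agree.
  const verdict = signals.includes("honeypot_filled") ? "reject"
    : signals.length >= 2 ? "challenge" : "allow";
  return { verdict, signals };
}
```

Keep the hidden field out of the tab order and hidden from assistive technology and browser autofill as well, otherwise legitimate users will trip it.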
Scarlett Sidwell is a senior consultant in Sogeti USA and serves as Sogeti USA’s National User Experience leader.
SogetiLabs is a community of over 120 technology leaders from Sogeti worldwide. SogetiLabs covers a wide range of digital technology expertise: from embedded software, cyber security, simulation, and cloud to business information management, mobile apps, analytics, testing, and the Internet of Things. The focus is always on leveraging technologies, systems and applications in actual business situations to maximize results. SogetiLabs provides insight, research, and inspiration through articles, presentations, and videos that can be downloaded via the extensive SogetiLabs presence on its website, online portals, and social media.