Security and privacy will influence UX Design


Matt one of the writers of Buzzfeed lost his iPhone in 2014. It was the last that he heard of it when he was sipping beer in a New York bar. One year later, he started seeing strange photographs in his new iPhone photo stream, photographs that he had not taken. These were photographs of a strange Chinese man in an orange orchard. Later on, it was realized that the stolen iPhone landed up in China, and the man was still logged in through Matt’s iCloud.

After the Facebook/Mark Zuckerberg privacy issues got highlighted, privacy, security has come to the forefront again. and with it, there are aspects of User Experience Design that UX designers need to keep in mind. I am highlighting a few things below: –

What is security and privacy influenced user experience?

Think of when you go to your internet banking home page. While entering the username and password, you also have options of typing through the virtual keyboard. This is an example of security influenced user experience. The feature has been built keeping in mind security and better user experience. iPhone fingerprint unlock or face recognition to unlock are other features that security influenced user experience. Other smaller examples are when you can toggle between ‘Show password’ in the password tab, as users make a lot of mistakes while typing on the mobile phone.

Moments, where security or privacy influenced user experience, is invoked 

At the time of task flows, it is important to identify those tasks and subtasks that are privacy or security sensitive. Some tasks are clearly privacy sensitive. At the time of putting a password, doing a banking transaction or entering the ATM pin. but there are some tasks wherein the UX designers need to probe with an empathy map on what does the user actually feel. For example, emails are generally supposed to be private, but the design should not be such that a person walking by the computer should be able to read it. Or while a person scrolls through his Facebook page while walking with friends, the design should not be as such that all posts and videos can be seen by the group as well.

Microinteractions to increase trust 

There are various micro-interactions that designers can create to enhance the feeling of security. For example, a locked icon against the web address shows that this a secure website and no harm will come to your computer or phone because of this website. It creates a feeling of trust with the users. Other examples are when banking apps show that we have done extra to secure your online transactions with messaging and icons. On e-commerce websites, there are some items that are confirmed to be original and trusted products are shown with a different icon associated with it. Flipkart has started Flipkart assured for this purpose. Other examples are Twitter, that uses a blue tick to show original celebrity account from the many fake/parody celebrity account on Twitter.

Building trust – how do we do it? 

Designers need to consider all different circumstances that the user may face. Some experiences need to be thought out that increases trust in a user. for example, if a wallet app gets activated on one phone, it needs to automatically get deactivated from the other phone. There needs to be experience built in to confirm on which device the right user is on. This is part of onboarding experience that many designers miss out on. Another example is what happens when a user buys a product online and on delivery, there is a discrepancy in the product received, what is the experience of customer service. These are moments of truth where the user questions the trust of the brand that he interacts with and it is important to build these experiences in the product.

Security Vs ease of use 

In the case of security vs ease of use, in many cases, ease of use wins. The user quickly does a threat assessment and in most cases, users don’t have much to lose. and this where they go for ease of use. For example, when the user enters the password in the app store, it asks if the user does not want a prompt of password for the next fifteen minutes. the designer needs to do a threat assessment for the user as a part of the customer journey and take the decision for the user, when to defer the security prompt UX and when not to.

Written by Shashank Shwet / September 19, 2018