Usability in a secure environment
We all want easy access to our data and applications, but on the other hand, we want to make sure that our personal information and credentials are safe and secure. It’s a challenging task for a software designer to find the right balance between usability and security.
In a modern application, most software designers will lean towards usability. Very few implement more security than the default HTTPS and the rare two-factor authentication. Security gets an even lower priority when non-sensitive data is involved, like our Facebook likes.
Most regular applications authenticate with a username or email and a password, sometimes not even storing them properly, with 8 major data breaches (and those are the ones that are made public) in December 2017 alone. The more secure applications enable two-factor authentication by adding a step through a different channel, such as Google OTP (one-time password), SMS or email. This means, though, that a user has to register a device or email address before being able to log in, and needs access to it every time he/she wants to log in. Some larger and/or smarter companies are currently even using machine learning to strengthen their authentication.
Security is of paramount importance because of the difference between authorization, authentication and identification: authorization asks whether this person has the right to do this, authentication is verifying that someone is this person, and identification is merely claiming to be this person. Anyone on the internet can listen to your traffic and find a way to steal your credentials, and can then identify as you and pass the first level of authorization. However, with more security layers, the attacker will need your phone, email or even typing habits to circumvent the two-factor authentication.
But, and it is a massive BUT, most people do not want the hassle, even when the trouble is minor compared to the risk you’re exposing yourself to. When security gets in the way, people either stop using services or find workarounds that defeat the security. High-quality user experience has always been an important part of any digital product, but now that the digital native generation is entering the workforce it becomes even more essential. This generation grew up alongside technology and will neither tolerate nor use inefficient and difficult software. They have much higher expectations, and software vendors have to keep up with them to stay relevant. This is why Facebook is “out” and Instagram is “in”: they have completely different levels of usability.
Balancing these two facets of software is difficult, but it is also one of the most important tasks of software designers. The better the experience the software provides, the more people will keep using it and the less they will complain. A user-friendly error will not result in a complaint, while an unusable security interface will. A well-balanced piece of software will provide the maximum level of security while keeping the interface usable, clear and free of obstructive steps for the user.
With ProcessMaker IDP, we want it all. We want a secure application, complete with a user-friendly interface that needs neither manual nor difficult authentication steps. Security is our #1 priority, since we are handling very sensitive client data. However, we also don’t want to compromise on a great user experience. We are able to find a perfect balance between these two by creating security steps that are reliable and not bothersome.
Our customers will have the most secure environment possible, while still having a simple and clean user interface. It is filled with features that make it usable for all: a smart search bar finds all the documents you seek, and drag-and-drop functionality gives an almost desktop application-esque feel. Meanwhile, a full security suite will run in the background, invisible to all: retrieving encrypted documents and decrypting them on the fly, exchanging encryption keys in a secure manner and ensuring no one can see the content of your private documents even if they have access to all your internet traffic.
We believe that security and usability don’t have to be a trade-off, and with ProcessMaker IDP we prove it.