Usability and Security

Don Norman has written a thoughtful essay on usability and security. He writes:

The more secure you make something, the less secure it becomes. Why? Because when security gets in the way, sensible, well-meaning, dedicated people develop hacks and workarounds that defeat the security.

Security and usability often seem to be at odds. But if you want to make a system secure, you also have to make it usable. If security makes a system less usable, people will find a way to disable or impede it. They will habitually ignore popup warnings, disable firewalls, type passwords into normal text fields and then paste them into password fields, use the same simple password on every site, stick post-it notes with their login information to the screen, and avoid updating the operating system and their anti-virus software.

You can’t make a system secure without also making it so usable that people won’t actively defeat the system’s security.

