
A usable and secure system begins with understanding people - both the wanted and unwanted.
In the past month there have been a number of security scandals rocking New Zealand, including the Wheedle website and WINZ kiosks. Their systems could be 'infiltrated' with just a squideon of geek firepower.
While the finger has been pointed at technical and testing teams, user experience designers can (and should) play a role in helping to avoid the design and implementation of unsecured systems.
This can be achieved by creating a user profile, or persona, of a hacker.
In fact, you might have two personas: one for the mischievous user with a little bit of technical knowledge who decides to "have a go" at your system (but will soon give up if there's nothing obvious they can break), and one for a savvy hacker who may try to infiltrate your system via the back door.
The great benefit of personas is that they get the design and development team out of their world and put them in the shoes of a user. Back in 2006 I shared a technique where a member of your team can even role-play a user through method acting.
While acting out a hacker geek is probably best left to experienced testers and automated testing tools, you can certainly play the role of the mischievous user. Just imagine you're a curious kid who wants to play a prank on your system - see if you can break it or infiltrate it - and use your imagination!
At Click Suite we always consider what might happen if a user intentionally or accidentally breaks our system.
Most of what we do requires basic security such as passwords to enter a content managed site, or protecting interactives in environments such as museums.
In the case of interactives in public places we 'lock' the screens and box up the keyboards and computers in cases under a physical lock and key. We also design the software so that if (in rare cases) it ever crashes, the software will immediately reboot.
At times our interactives need a keyboard. Increasingly we make one available via the touch-screen, but if a physical keyboard is needed we disable any key combinations which would allow the user to exit the application or switch to the file system.
For some clients we even supply a customised keyboard with a limited set of keys.
So, we find it mind-boggling that sophisticated online services and kiosks can be 'hacked' so easily when we take these basic security precautions for games and educational interactives.
A usable and secure system can be helped along, in part, with a user-centred design approach. Profile your most unwanted users and act like them on your system. It will help clarify the level of security needed for your system and perhaps identify issues you hadn't even thought of.
IMAGE CREDIT: Digital Trends