5 Ways to Improve User Experience Without Compromising Security

This post will take a high-level look at some of the ways UX and security can complement each other to make for better overall experiences for users.

Minimize third party code where possible

Third party elements like cookies and JavaScript have long been part of the fabric of the web. Although they were designed to help users, by saving preferences client-side and enhancing sites with additional functionality, they have gained a poor reputation in recent years.

Web users and privacy advocates are concerned about the amount of information cookies collect about us, and security professionals are unanimous on the potential risk of embedding third party content in sites.

Because of this, third party cookies and JavaScript tags are rapidly being deprecated across many sites and blocked by most browsers. Both security teams and users will benefit from moving away from relying on third party tags and cookies.

Simplify elements and remove complexity

The more complex a system is, the more difficult it is to secure. Adding complexity often adds attack vectors for adversaries to exploit. From a UX design perspective, complex systems can be overwhelming, confusing or add friction for users.

Try to reduce the number of elements on each page, the number of steps a user must take to achieve their goals, and the number of calls each request must make before returning a result.

Collect less user data

In the current era of the internet, data (specifically personal and behavioral data) is viewed as gold dust. Certainly, this makes sense for sites like Facebook, where the main means for profit is selling hyper targeted advertising based on the demographics of its users.

But the value of the data you collect about your customers must be weighed up against the risk to security and disruption to UX it might cause.

Collecting excessive amounts of data, especially via registration forms, kills conversion rates because customers may be uncomfortable sharing so much information, or may simply not want to spend the time filling in superfluous details that have nothing to do with their desire to purchase an item.

Plus, the more data a business collects, the bigger the target they are to criminals. Adversaries can use personally identifiable information (PII) to carry out identity theft, account takeover on other sites, or financial fraud.

Add password strength indicator to encourage stronger passwords

UX is primarily used to drive sales and keep users on websites longer, but there are additional benefits to UX. It can also be used to deliver important messaging that benefits both the user and the business, such as security advice and notices which can protect users.

For example, an account registration form might enforce a strong passwords policy (e.g., must contain at least eight characters, including upper and lower-case letters, numbers, and special characters). The UX design on this page can make this process frustrating or simple depending on how it is implemented.

For example, a good practice would be to show a colored bar that turns from red to orange to green as the typed password gets stronger. Users could even see the company’s mascot get happier in an animation as they type a stronger password. This has the UX benefit of amusing the customer rather than frustrating them, whilst strengthening security.

Reduce latency overall

This is closely tied to the previous points about removing complexity and third-party tags, as these things tend to add latency to systems.