by Will Dages
Last week I spent 3 days surrounded by all things UX (user experience) at the 2012 Midwest UX Conference in Columbus, Ohio. This relatively small conference was packed with valuable content, and populated with a crowd willing to share knowledge, tips, experiences and techniques.
After thinking about what I should write about for this post (and looking back over my 20+ pages of notes), there was one unexpectedly-awesome 20-minute presentation that is still at the top of my mind. What I took away from this short presentation is the thing that resonates with me the strongest a week later: the notion of UX practices being applied in broader, more creative ways.
Usable Security: It Isn’t Secure If People Can’t Use It
Presented by Darren Kall
Clocking in at only 20 minutes, I unfortunately walked in to the presentation 5 minutes late (I was sidetracked by saving 34 school children from a burning bus). I walked in just as Darren was recalling a story about being interviewed by FBI agents after he hacked into a government system. I remember thinking, “You, good sir, have my attention.”
He tied the story perfectly into an example of why UX belongs in security. He recalled the FBI agents asking him a bunch of “how” questions, instead of “why” questions. They never inquired as to what motivated him to do what he did, or about his problem-solving process when he hit a snag. Had they taken a UX approach to their security, they may have done more than just patched a hole (the reverse-equivalent of ‘adding a feature’), they may have been able to identify patterns that would lead them to a better overall security strategy (the reverse-equivalent of building towards goals, not features).
Call me naive, but I came into the conference only thinking about user experience in relation to software. To me, UX considerations orbited around a user interacting with a screen or device. Darren did a great job at flipping that notion upside down. I had never considered that my UX work could or ever would extend beyond the screen. Darren talked about how many security issues are linked to problems brought about by the people in an organization. For example, IT tells employees that they need to have a 20-digit password with at least 3 numbers, 6 capital letters and 4 punctuation marks, and requires it to be changed every 3 months. Is the company more secure with these new Fort Knox passwords? No, because now everyone has a post-it note on their monitor with their password written down because it’s not realistic to memorize.
By pairing UX professionals with security professionals, better policies, experiences, and ultimately better security, can be achieved. To paraphrase Darren, “Security issues, at their core, are human issues. Human issues are our thing.” Who better to help solve these issues?
Darren triggered some radical thoughts. His ideas got me thinking about what UX work really is, and I started to think about the potential of this practice permeating more areas of our culture. His presentation got me to think of UX as being more than crafting a great experience in software. It’s about crafting great experiences in workplaces, voting booths, airports, and living rooms. The tools we have to solve problems, design solutions, and help people should be extending beyond the screen. I’m looking forward to seeing how else user-experience-centered practices will be applied in unexpected ways.