Category Archives: Design

7 November 2012
1 Comment
Architecture, Design, Interaction Design, Security

Showing Passwords by Default on Mobile Apps

Unlocked DoorI just ran across LukeW’s post on showing passwords by default on mobile apps. It’s an interesting idea, at least something to consider.  However, it seems like it is a bit self-contradictory.  On the one hand, he says that showing the password is important because people can’t see it when entering it, that is, because they are looking at the keyboard, they can’t easily see the typical delayed-show characters.  Then he goes on to say that the * approach doesn’t really hide the characters being typed because the touch keyboards show what is being typed really largely.

To me, this begs the question, if it is so easy for others who might be looking over the shoulder to see the keys being typed, how is it so hard for the person looking straight at the keyboard to see them?  A bit contradictory to say the least.

Now I’m all for improving usability, especially for notoriously problematic things like this. But it seems to me that this is, at least, a questionable practice to be encouraging. It’s akin to saying that because there are lock picks, you shouldn’t bother locking your doors. In security, nothing is guaranteed 100%. It is all on a spectrum, and many things are simply deterrents.  Masking the password is one such deterrent.

On the other hand, it is in the context of mobile, and one could argue that yes, it is easier to shield the screen in most cases than it would be with laptop or desktops, as Luke does argue. There’s something to be said for that. The flip side to that is that mobile contexts are more variable and often have more potential security threats than even you know about.  Sitting at your desk in your room at home or in the office, it is not very likely someone will be looking over your shoulder (that you’d be worried about).  Standing on a subway?  Who knows?

As a software architect and interaction designer, I just can’t endorse this practice as a good default. Even if your app doesn’t have sensitive information, it’s highly likely that users will use the same password they use for other things with more sensitive information, and the same email/login.  So while you may think you’re only chancing your app’s data, you are not.  If you want to let people confirm their password is right, go with the optional show password toggle. Don’t show it by default. Security practices are always inconvenient; that doesn’t mean we can just do away with them.

UPDATE (7 Nov 2012 13:57): Luke responded to me on Twitter that the larger concern is security cameras capturing passwords. Good point. Both cameras and people you may not notice are the problem. All the more reason to not leave it showing by default.

He later mentioned someone at Sprint saying they did this who claims “No security issues.” The problem is: 1) just how do you measure that this caused no security issues? Even just for Sprint itself, that seems a tall order to verify.  But it can’t address the other problem I mentioned, which is that 2) people often use the same logins across apps/sites. So if someone captured the login/password combo thanks to Sprint’s unmasked form and they later used it across other popular sites, they could gain access to the individual’s information and Sprint would never be able to track it was their form’s fault. To claim “no security issues” is, it would seem, completely impossible to verify and so shouldn’t be claimed.

Again, the better option is to provide a way to show the password, but don’t show it by default. This makes the user think about what they are doing, and they’ll be more likely to ensure nobody is peeking if they explicitly show their password.  On the other hand, they could very well be looking at the keyboard and type their whole password before noticing it is being broadcast to the world around them. Indeed, when people know that each character shows briefly, they could be more inclined to try to type their password quickly, increasing the likelihood of this problem.  I’m rapidly thinking this should be classified as an antipattern, hopefully before it becomes a pattern.

15 October 2012
1 Comment
Design, Infragistics, Interaction Design, Quince

A UX Manifesto – Presented

This last Friday I had the honor of presenting the keynote for the Tulsa TechFest 2012.  Very well-organized event considering its size–good job to all the organizers and volunteers!

My talk was a talkified version of my recent “UX for Devs Manifesto” blog I wrote earlier this year. It was nice to get it out and share the ideas in person. It seemed to be well received.

Anyways, I said I’d post the slides and a few related resources, so here ya go.

[Original KeynotePPT | PDF ] <– These have notes

In my talk, I referenced a few resources:

Did I forget something?  Let me know!  Also, check out my UX Book List for some recommended books.

Tagged , , , ,
13 August 2012
1 Comment
Interaction Design, Process

Verizon Support & Sales – A Mixed Bag

I don’t seem to have good luck with Verizon’s self-service.  Back in April this year, I started getting notified that my contract (for Fios) was expiring, inviting me to come online and look at options.  I followed this, and here’s what I saw.

First, I see this waiting message:

Verizon Loading Message

And after a second or two, I get redirected to this:

Verizon Error Message

The URL in the browser is https://www22.verizon.com/FORYOURHOME/GOFLOW/Common/LocalBusinessOfficeSR.aspx?Message=BTNNQ-CSR.

Now, having been a Web developer for some years, I tried all the normal stuff that I could do on the client–different browsers, clearing cookies, restarting–all to no avail. It is pretty clearly a server-side error.

So I finally caved and reached out to Verizon support (email). Their initial response was basically “why don’t you call in?”  Well, because I like to see the options in black and white in front of me.  And ironically, when I later was talking to a rep, she suggested that I don’t have to make up my mind now–I could go online and see the same options. :)

After this, I reached out to the (apparently) only capable folks on frontline Verizon Support, @VerizonSupport. They’ve gotten me out of jams a couple times, when dealing with the regular support folks doesn’t help. And they effectively did help, even if it took a few days.  They got the case to the dev team quickly, and it was resolved in a reasonable amount of time. Great!

Problem solved!?  Well, temporarily, it seems. The other day I saw the ad for “Quantum,” which is the new insanely speedtacular options for Fios.  So I thought I’ll go check those out, and I had deja vu–the same process, same error above.

I reached out to @VerizonSupport (via DM–we’re old pals now), and they’re looking into it.  Will update this post with the result of that (actually I’m posting in part to help them–so they can see the error exactly and pass it on)..

Resolved! 14 Aug 2012: Yesterday I could successfully log in and look at my options.  That did not, in my case, solve it for me, as the online tool wouldn’t let me switch to a no-TV option, but hey, the bug was fixed in short order!

Diversion – Interesting Sales Antics Vol. 1

So I was a little impatient to learn about my high speed options. I’ve also more or less decided (with wifey’s support) to ditch “cable” TV and just go straight internets. This happily coincided with the new speed offerings, so I called into 1-800-VERIZON to ask what my options are. The helpful rep gave me some prices and bundling options–of course, it seems like a better deal to keep Fios TV.  For just $N more, you get a BAGILLION HD channels.  Yeah, well, the thing is, I just don’t use all those BAGILLION channels, and I won’t.  And it’s just more stuff…

Anyhow, I said thanks and that I’d think about the options.  I called back later (this was Saturday), and I talked to a nice fella who was eager to help me change from a TV+Internet bundle to a, get this, more expensive internet only bundle. Can you guess what he said to me?

“I see that you signed up not long ago for a 2-year contract for the TV+Internet bundle. Unfortunately, when I try to remove the TV, it tells me an early termination fee will be incurred ($200+). I can’t seem to get an override…”

What? You mean to tell me that I’m offering to extend my 2-year contract to a more expensive internet only option, and you want to charge me an “early termination” fee?

I don’t blame the rep; it is, of course, “the system’s” fault. But how bass ackwards is that?  I’m currently awaiting his supervisor to get back to me as to whether or not they can override the fee.  Of course, I can keep my TV and upgrade the internet part (which is half the speed and $10 more) no problem.  *sigh*

Resolved! 14 Aug 2012: The supervisor who supposedly was going to call me back didn’t, so I called in again yesterday. The rep I spoke to there had me straightened out in less than 10 minutes. No early termination fee; the plan I asked for. Easy as pie.

The Moral

This isn’t a complete rant. I’ve been a customer on and off with Verizon for at least nine years. In fact, I worked as a consultant for them in Tampa back in 2003 (about the same time I first signed up with them ;) ). It’s a huge company, with millions of customers, tons of legacy technology. I worked on middle tier services to get the front to talk to the back in a more friendly way.  I’m not going to pretend getting a pondering beast like that to get all the bits and pieces working together in lock step is easy.  So I am somewhat sympathetic.  That said…

I will say that as a software UX and dev professional, this experience leaves a lot wanting. I understand getting unexpected errors, but they really should have a big “get help with this” button on the page, that will start an online support case for me, sending them all the contextual error info they need to resolve it. I mean, I’m online. You have online support. Ne’er the twain shall meet?  You tell me to call?  Really?!?  (What is the “Local Business Office” anyways? You gave me a generic 800 number to call, not the local office.)  And the fact that it was supposedly fixed and showed up again with the same subpar experience…

When people get errors is the time when they’re most frustrated, and so you want to handle that very carefully and smoothly–make getting a resolution as fluid and easy as possible.  Don’t just punt and say “call us!”  Especially for folks who are already online–the context is there, just connect the dots for them.  This could have been an opportunity for Verizon to wow me (and others who are undoubtedly running into it) with how smoothly they deal with failure.  Instead, I get passed around, asking me to do extra work and effort to resolve it. Not good.

And the fact that I get significantly different levels of quality of service from their email support to their Twitter support can’t be good. Twitter is not great for resolving issues–limiting to 140 chars is just not ideal. I can only imagine it’s not ideal for their CS systems to track, either. But if we customers are taught we get better service that way, well, guess who we’ll go to when I need help?

As for the sales thing, I expect them to skip the fee; it’s just a tad wonky that it came up in the first place. I’m sure there’s a perfectly good “reason” why “the system” is acting the way it is. But the bottom line is that it’s broken. It’s not as if I’m asking to leave Verizon for another dealer. I just want to change the shape of the bits that are flowing in and out of my house.

Overall, I’d have to give a C in my quality of experience. The Twitter support is a redeeming factor–that team gets an A, especially given how they work around Twitter’s inherent limitations.

Keep working on it, Verizon.

Tagged , ,
10 August 2012
7 Comments
Design, Interaction Design

What is the Medium of Interaction Design?

Pinocchio MarionetteOver the years I’ve observed and participated in several discussions about what is the medium of interaction design. Full disclosure: I am not formally educated in Design–I’ve just learned from my own studies, interactions with educated designers, and working with and under designers, so take this for what it’s worth. ;)  But I think a person can reason about these things without necessarily having such a formal education.  See what you think.

The argument goes, as I’ve seen it, that as interaction designers, we are focused on understanding and designing for humans, and to some extent that design (no matter what it is) is rhetorical, in a very generic sense–it communicates something to a person and tries to convince her to do something, be that changing an opinion, acting in a social context in some way, or simply using the thing designed in a certain way (i.e., affordances). Further, the argument goes, interaction design can be applied to all sorts of materials, so we can’t say that one of them is our medium, as clay is the medium of potter or paint of a painter (and so on). The conclusion is, then, that what we design–what our medium is–is human behavior.

The fundamental problem with this is that it  posits the designer in the position of Fate, as if we have some superhuman power to conform other humans to our will, to shape their behavior according to our desires, making us more powerful even than many concepts of God. I suppose this could get heady and philosophical pretty quickly, depending on your view of human free will. But let’s just assume, for the sake of keeping the discussion manageable, that human beings do have free will–that they have the capacity to choose between options of their own free accord and, thus, shape their own behavior.

Yes, that behavior is influenced by all sorts of things. People are not disembodied, purely rational entities who make completely free, autonomous, uninfluenced decisions. We have plenty of psychology research to show this is true, and we have our own experience that we can reflect upon. Yet all of these do not destroy free will–the fact remains that we have the capacity to act contrary to the influences upon us. We can creatively choose paths that were not even presented to us.

Given this, it seems at least a little bit dishonest with ourselves to say that we design behavior.  Let me offer an example that might make us shy away from making this claim. Consider the recent events in Aurora. There is a direct, admitted connection between the offender’s behavior and the behavior presented in a designed medium (film). One might say that the Batman films, and those like it, are designed in such a way as to make acting the villain to be glorious and powerful.

Following the logic above, in reverse, one could then say that maybe the films were designed to influence people to act in that way, and further, that if behavior is the medium of design, that the offender’s behavior was designed by the filmmakers (ergo, it is the designers of the films, not the individuals acting, who are responsible for the tragedy). But I doubt many of us would admit this. We can argue that such films influence people to behave in certain ways (and that maybe they shouldn’t), but to say that they designed the behavior of the villain of Aurora is, surely, going too far.  Thus, we see that the claim that we designers design behavior is fundamentally flawed.  If people are not free to act of their own accord, they cannot be held responsible for their actions.

So, then, what is the medium of design and, specifically, interaction design–it is whatever materials that we do have control over, to shape according to our vision and will. For most interaction designers, this is software–the application behavior and the interfaces presented to people. Do we use these to influence behavior? Absolutely. When we design, we have certain human desires and behaviors in mind, and we either try to accomodate them or instruct them in order to effectively engage with the software. We could be a little more precise, even, and say it is only the artifacts that the designer herself creates (usually designers are not the ones actually developing the software itself).  In that sense, the media we design are varied, depending on the needs of the team, the app, and our own familiarity with the tools of interaction design. Concretely, the media are things like personas, storyboards, wireframes, interactive prototypes, and other artifacts used to discover and communicate the design of the software.

So let’s stop fooling ourselves into thinking that we are actually designing human behavior. It’s kind of arrogant and presumptuous to say so, when you really think about it. Let’s keep it real. Yes, we are on a mission to (hopefully) better humankind through what we design–the digital and analog worlds are increasingly merging. Yes, we want to influence behavior to greater or lesser degrees (depending on the context), but in the end, what we design is the interface and behavior of software (more generally, some digitally-integrated artifact).

Tagged , ,
1 August 2012
Leave a comment
Design

Top Digital Design Finalist

Gwyneth Accepts OscarI was just notified that I was a “finalist” in the “Top Digital Design Blogs” category over at eCollegeFinder. I’m not sure who nominated me, but I just wanted to take a moment to say thank you. I couldn’t have done it without you. :)

Just being nominated makes what effort I put into this blog worthwhile, and it makes me guilty for not writing more. I will try to make amends.

4 June 2012
2 Comments
Design, Interaction Design

Why Facebook’s New “Close Friends” Feature is Brilliant

Facebook Close FriendsYesterday, I got invited by FB to indicate people whom I think of as “close friends.”  I already try to make Facebook only about people I at least have met in person, and I’ve turned subscriptions off to even some of them.  FB is my actual friends feed in that sense. But who can resist carving out a special place in your heart for your “close friends”?

So I thought, sure, I don’t want to miss updates from my close friends (and family); it’s a fact. I figured FB would just make sure they show up in my feed.  So I plunked stars down on several of them, even name-searched a few they didn’t suggest.  And I was off.

Not long after, though, I started getting notifications. I was like, What? Several people are suddenly mentioning me? So I opened the FB app on my phone only to find that, no, apparently one of the things “close friends” does is create notifications for all of their posts.

I was partly tempted to figure out how to turn it off, but I thought, maybe I’ll see how annoying it gets.  So far, it’s not annoying.  And not only that, I like it, because I really do want to see what these people post and not miss it.

FB has harnessed this power of heart and turned it into an effective tool to keep me coming back more regularly. Well played, Facebook, well played.

Tagged
Older posts
Newer posts