A Better UI UX Can Save Your Users From Security Threats

We’ve all seen it. A caffeinated teen in a black hoodie sitting in front of his laptop in a dark room, with three or more screens and multiple programs open that look like command prompts, attempting to hack something or… someone.

This description is often painted by shows or movies when they want to show a hacker. The hacker is highly skilled and probably knows much more about computers than your whole friend group combined.

But in this day and age, as tech gets better and better, a new hacking fashion has emerged. This one doesn’t require any technical skills, and yet it is capable enough to steal a person’s data and more.

It’s called Social Engineering.

Social engineering is the psychological trickery used to get people to do things or reveal private information. Along with the cybersecurity experts, it falls upon the shoulders of a good UI UX designer to find a balance between simplicity in UX and security as well as the privacy of the user.

Defining User Security

User security here means UI UX design that uses alerts and notifications to keep you from getting scammed or having your security compromised.

The security of a system frequently has a weak link in the user. Weak passwords, unencrypted files left on unprotected computers, and successful social engineering attacks have all contributed to numerous security breaches.

Therefore, it is crucial that the user interface of your program enhance security by making it simple for the user to make secure decisions and steer clear of expensive mistakes.

A social engineering attack involves persuading the user to execute malicious code or reveal confidential information.

For instance, when users downloaded and opened email attachments, the Melissa virus and the Love Letter worm each infected thousands of computers.

Some Examples

Say you lost your phone, and after calming down from all the panic that ensues, you start to locate your device and find yourself on a screen similar to this one:

Comparison of device finder login screen for Apple and Google

Google’s way of doing things isn’t all bad here, but Apple has a simpler approach, which is for the better. Although it’s nice to display users’ photos, doing so lets hackers confirm that your account is actually yours. (Note: Google has updated their sign-in UI, but it’s still worth being aware of.)

Now, what if you find yourself tangled in the newest attack on the block: the Google Doc phishing?

The infamous 'Google Docs' phishing scam

This page is owned by Google and hosted on their servers. Its purpose is to pass on the permissions that a user grants to a third party.

But a malicious third-party web app with the simple name “Google Docs” requests access to the user’s email and address book on this permissions page. Because of the user interface’s design, it appears highly unlikely that the majority of users will realize that they are granting access to a third party rather than to Google Docs.

The Solution

These user interfaces lack a mechanism known as “Defensive UI.” A defensive UI is a user interface design feature that reduces users’ susceptibility to phishing attacks. To create a defensive UI, we must add an extension to the UI design process. The three steps of such an extension are as follows:

  • Social Engineering attack testing

  • Design Criteria Definition

  • Redesigning the Defensive User Interface

Social Engineering attack testing

This step is similar to general software and code testing in that it requires thinking of creative ways that attackers can launch an attack using UIs or a process involving a UI.

It is difficult to think of all possible attacks, but with a systematic approach, a designer can quickly check the UI against a list of known attack patterns.

Design Criteria Definition

It is critical to define criteria for redesigning a user interface in order to eliminate a specific attack. It should be free of abuse and worry, actionable and practical, and concise and clear.

Redesigning the Defensive User Interface

Finally, we get to redesign the UI in order to reduce the attack while meeting the criteria. Here are some tools that can be used to redesign a UI to make it more defensive:

  • Warning

  • Notice

  • Status indicators

  • Training

  • Policy
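
Applied to the permissions page from the “Google Docs” example, a warning could be driven by a check like the one below. This is an added example, not code from Google or from this article; the brand list, scope labels and request fields are assumptions made for illustration. It also folds look-alike characters before comparing names, which goes beyond the exact-name case described above.

```javascript
// Added example: field names, scope labels and the brand list are hypothetical.
const BRAND_OWNERS = new Map([
  ["google docs", "google.com"],
  ["google drive", "google.com"],
]);
const SENSITIVE_SCOPES = new Map([
  ["email.read", "read your email"],
  ["contacts.read", "see your address book"],
]);
// Look-alike characters folded to ASCII (Cyrillic o, e, a; digits 0 and 1).
const CONFUSABLES = { "\u043e": "o", "\u0435": "e", "\u0430": "a", "0": "o", "1": "l" };

function normalizeName(name) {
  return name
    .normalize("NFKC")
    .toLowerCase()
    .replace(/[\u200B-\u200D\uFEFF]/g, "") // strip zero-width characters
    .replace(/./gu, (ch) => CONFUSABLES[ch] ?? ch)
    .replace(/[^a-z0-9]+/g, " ")
    .trim();
}

// Decide what the consent screen should show for one access request.
function assessConsentRequest(app) {
  const shown = normalizeName(app.displayName);
  const brand = [...BRAND_OWNERS.keys()].find((b) => shown.includes(b));
  const impersonates = brand !== undefined &&
    app.publisherDomain !== BRAND_OWNERS.get(brand);
  const asks = app.scopes.filter((s) => SENSITIVE_SCOPES.has(s))
    .map((s) => SENSITIVE_SCOPES.get(s));

  if (impersonates) {
    return {
      level: "warning",
      message: `This app calls itself "${app.displayName}" but is published by ` +
        `${app.publisherDomain}, not ${BRAND_OWNERS.get(brand)}.` +
        (asks.length ? ` It wants to ${asks.join(" and ")}.` : ""),
    };
  }
  if (asks.length) {
    return { level: "notice",
      message: `${app.publisherDomain} wants to ${asks.join(" and ")}.` };
  }
  return { level: "ok", message: "" };
}

// Constructed sample request modelled on the permissions page described above.
const sample = { displayName: "G\u043e\u043egle D\u043ecs",
  publisherDomain: "docs-share.example", scopes: ["email.read", "contacts.read"] };
console.log(assessConsentRequest(sample));
```

The message names the publisher’s domain in plain language, so the status indicator and the warning carry the same fact the original page left out.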

The balance between UX and security

In the first half of 2020, data breaches exposed 36 billion records, indicating that data security is a serious concern. Reconciling UX and security is one of the most difficult challenges in interface design, but it is doable.

With the number of businesses migrating to the cloud increasing at an exponential rate, data security is more important than ever.

In the misunderstanding between the two camps, namely UX and data security, the user is left wanting. One strives for better design, while the other strives for security. However, businesses and their customers should not be forced to choose between a superior user experience and one that is secure.

Here are some methods for using a UX design to enhance security:

  • Encourage Safety Through UX: Remind users that security is in place and that SSL encryption is being used. This will boost consumer confidence in your goods and services. Include tools that remind users to select secure passwords and to disclose as little personal information as possible.

When users create passwords, the micro-copy that is displayed should encourage them to make more secure decisions. Tell users why it’s crucial to have a carefully chosen password rather than making them create a strong password with one uppercase letter, two special characters, and a number.

  • Minimize Complexity: Technical lingo is a deal-breaker. A good UX designer is aware that design is centered on the user’s comprehension and ease of use. It’s best to communicate security risks to users in the clearest language possible if you ever have to do so.

Give a simple, layman’s explanation of how a security measure operates. Before you put down technical details, consider how the user might interpret them.

Use clear language rather than ambiguous terms that could encourage users to bypass security measures.

  • Make Users Aware of Phishing Attacks: UX designers can make pop-ups that warn users of phishing without interfering with their browsing experience.

Designers can create tools for team collaboration and security forums where users can report spam and assist one another. In their apps, they can use popups or messages to warn users of phishing attempts.

  • Design for Transparency: Users should be able to influence what information is gathered and give their approval for each data processing operation. Additionally, they ought to have the freedom to revoke this consent whenever they choose.

Designers must make sure that users are aware of anyone other than themselves who may use their data.

An excellent privacy policy that provides users with all the information they need to know about their data and uses would be part of an excellent UX design.

The Takeaway

A great user experience (UX) can make or break your business, but a secure product doesn’t have to be difficult to use and navigate. Security is untouchable. You risk exposing your users without it.

Fortunately, UX and security can coexist. They have to. You can deliver a highly secure product that is also very usable.

You are not required to choose between greater security and a better user experience. Design and product security are not incompatible. As was shown above, the latter can be utilized to increase online safety.

Be mindful of the psychological tendencies of your users, but watch out that your security measures don’t take away their agency. Designers who comprehend the needs of their users can still produce immersive experiences, and a product that prioritizes data security will earn trust more easily than one that does not.

Cyberspace is a sophisticated adaptive system, and effective UX design is essential to success there. By utilizing UX to improve data security, you can accomplish two goals at once and improve your chances of success.

You will discover that your customers reward you with greater engagement and trust as long as you continue to be innovative and open to addressing security issues with UX.

Confetti Design Studio is an award winning creative design firm based in India. We work with companies around the world by providing them premium design solutions ranging from product design, web design & graphic design. Contact us right now so we can get started on your amazing idea and project.

Confetti.design
