Security, Productivity, and Usability in the Enterprise

During interviews I conducted for my dissertation research, I asked individuals how the security policies and systems affected their daily life in terms of productivity and work and personal communication. Interviewees gave many examples of tradeoffs between security and usability. People understood the reasoning behind many of the security restrictions. However, these implementations often significantly reduced productivity and frustrated employees everyday work practices and basic personal communications needs. Many implementations actively motivated employees to subvert security protections. The lengths to which people went “work around’’ what they perceive as overly restrictive security and compliance implementations lead to distinctly counterproductive measures in terms of overall security. ...

November 30, 2011

The World is Not Flat and Neither Are Social Networks

Now that I and the rest of the Internet has grown accustomed to Google Plus and Facebook’s most recent friend categorization features, I thought it was time to revisit and revise a previously unpublished piece of mine. Take a moment and think about your friends, family, colleagues, friends of friends, acquaintances, and members of the same social club. These six groups could comprise a large part, but certainly not all, of the people that you know. You may also have extended family, classmates, common members of sports teams, religious associations, and the familiar strangers you recognize, but don’t know their names. To further complicate matters, the people in these groups often change over time as we move through life. How we conduct ourselves depends on the situation. It is highly unlikely that you act the same way around your grandmother as you do at a party with your friends and people do not expect you to act the same way. Your friends, work colleagues, and extended family do not all know each other and I suspect that in many cases you would like to keep it that way. For this reason, it seems odd to expect that our interactions in online social networks would be any different. ...

November 1, 2011

OpenID Trends: Improved Usability and Increased Centralization

The OpenID authentication framework is the most well known of the federated user-centric identity systems. OpenID has effectively become the first commonplace single sign-on option for the Internet at large. Most sizeable Web-based service providers such as AOL, Google, Facebook, Microsoft, MySpace and Yahoo! have integrated at least limited support for OpenID. Services often run OpenID authentication side-by-side with their in-house developed authentication or as an alternate method of authentication. Once the user has authenticated via their OpenID provider, their credentials can be used to automatically sign the user into other services previously linked to their OpenID. Widespread support has made OpenID the de-facto authentication mechanism for low-value transactions on the Web. ...

August 27, 2010

Federal Digital Identity Proposal Lacking in Usability

The White House announced The National Strategy for Trusted Identities in Cyberspace (NSTIC) proposal and a NSTIC Fact Sheet on The White House blog. The NSTIC proposal (PDF) describes a plan to implement a federated online identity system with strong authentication. The document states the President expects to sign a final version in October 2010 and the strategy will likely significantly influence the government’s identity management efforts. In this post I will discuss the usability aspects of the proposal. ...

August 3, 2010

Simple Package Tracking with TrackMyShipments

The web-based interfaces offered by the shipping services allow you to schedule shipments, manage billing, store addresses, and track packages online. Some third-party services offer simplified interfaces and allow you to track shipments from multiple shipping carriers at once. Still, the process of entering multiple tracking numbers into multiple services can be cumbersome. I prefer the email-based input method used by the TrackMyShipments service. TrackMyShipments is an email-based online package tracking service I used for more than year and half to as a streamlined method to track packages. TrackMyShipments takes advantage of the fact that you already have the tracking numbers sent to you in email. I wrote about another email based interface in my review of how TripIt Shows the Value of Combining Email, Web and APIs. The signup process is very quick. After registration, you simply forward an email messages with tracking numbers to track@trackmyshipments.com and the service will send you a notification when the shipping status of you package changes. ...

November 19, 2009

Trends in Password Masking Security and Usability

John Gruber’s Daring Fireball pointed me to Jakob Nielsen’s Alertbox column Stop Password Masking, which resulted in a thoughtful and interesting thread of conversations and a few experimental solutions. Password masking refers to the practice of displaying an alternate character, usually a star or a bullet in place of the actual characters typed into a password field. The idea is that this prevents another party from viewing the password while it is entered. Nielsen argues that in most cases masked passwords are not needed since should surfing is not a major issue and that this is even less of an issue on mobile devices. He says masked passed passwords often reduce usability by increasing the number of errors since users cannot see what they are typing. This problem is further compounded on mobile devices where typing is more difficult and slower. Since users are less certain about what they are typing, they are much more likely to choose passwords that are simplistic or copy and paste the passwords from less secure locations. Nielsen says that high value password forms should offer an optional checkbox for masking passwords so that they can be used on an as needed basis. ...

July 25, 2009