Standing Out From The Crowd


    Security and Usability are finally merging

    Posted by Luis Serpa on June 27, 2007 - 6:52 PM
     

    Security has always been placed on the opposite side of usability.  By default, when you think about adding security measures to a website, you are talking about creating extra processes or at least adding an extra layer of complexity to existing processes, so invariably the site usability suffers.  Several promising research efforts were conducted in the past few years using graphical passwords, nonverbal memory systems and biometrics, but nothing seemed quite ready for immediate, cost-effective or practical use.

    Well, ready or not, it seems we are about to witness those solutions coming to market very soon.  Vidoop, a technology innovation company, is rattling the security cage by promising to definitely merge security and usability with their new product, soon to be launched on the website of a Fortune 500 bank not yet disclosed.  If they deliver what they are promising (and demonstrating in a 12-minute video presentation), it will surely be a big step in the right direction.

    Of course, after seeing the video and testing the demo, I realize that the solution is not perfect (how could it be?).  Although they’ve probably addressed 9 out of 10 of the common usability problems and close to all – if not all – known security issues, from a customer experience perspective there are still 3 main unaddressed concerns.

    Accessibility – I can’t say for sure, but I saw no practical option for users with disabilities (impaired vision).  A workaround can be devised, but not without impact to the usability and somehow disregarding the use of images, thus throwing away the main advantages of the solution.

    Cross-Channel Consistency – The solution works perfectly for the web channel and could be easily adapted for ATMs and face-to-face interactions, but is moot over the phone.  That means one needs to have different passwords for those channels, so the phone will still be the weakest link of the security chain.  Given the old maxim that a system is only as safe as its weakest link, Vidoop may guarantee a better, easier web security process, but not a safer process overall (not to mention the fact that one still has to memorize two sets of passwords for the same bank).

    Password Portability – Graphical passwords are way easier to memorize, even with long gaps between uses, but it is still something one has to commit to memory. If each website adopts a different password process (graphical or not), at some point the users won’t be able to remember all sets of passwords for individual sites and will start writing them down, thus eliminating the point of having a safer/easier to remember password (they are already working with OpenID, which might just be the solution for that).  Anyway, for this to work as projected, Vidoop’s solution (or OpenID) must become a standard rather quickly, but I don’t think they mind that part.  :)

    All in all, it is a great step in the right direction and opens a lot of new possibilities. If Vidoop keeps working on those points and acts quickly on their users’ feedback, they should be able to rapidly change the bank industry scenario.

    In my opinion, a little bit of change is always a good thing. 


