
David Bressler

B2B Go-to-Market Storytelling


Human Behavior

April 9, 2020

I live by the credo: no detail is too small… to complain about.

Here is something to improve related to credential security for the many online accounts we all have. It’s not a technical improvement; there’s an easy technical answer.

However, the human behavior aspect is a different angle. And, I believe that the account setup sequence I’m going to show you is a failure of empathy on the part of site developers or security staff.

Account security best practice

It’s well known among security people that for each account you set up online you should create a password that is (1) complex, and (2) unique.

In fact, this is such a simple best practice that browsers, such as Safari, suggest complex unique passwords and pre-fill them in when you create an account. They then use the Mac Keychain to remember the account info. When it works, it makes creating and remembering passwords easier… increasing people’s credential security.

Creating a new password

Today I had the opportunity to create a new account for sensitive information.

Here’s what it looked like:

What’s happening and where is the human / empathy fail?

Human behavior beats technology every time

Let me point out what you’re seeing above.

I have the default settings for password suggestions on Safari. In fact, I’m not even sure I could change them.

The default setting has the pattern 6 characters, dash, 6 characters, etc.

However, this site disallows the dash (‘-’) from passwords.

Whoever owns the site would probably say “just pick another character”.

In theory, that’s easy.

In practice it fails. Most users, I bet, would click on “strong password”, tell Safari not to suggest a password, and enter the “regular” password they use everywhere. Most users are simply trying to get through the account creation flow. They choose the simple path, not because they want their account to be compromised, but because it’s simple.

Is that good behavior? No. Would most people know why not? Probably not. You can educate them, but then you’d just have smarter people choosing the easier path. The failure is in making something more difficult than it should be, not in the ‘laziness’ of your users.

Obviously, this site wasn’t tested in Safari. There was a time when it was easy to tell users what browser to use. That time is long gone.

The power of defaults is well known for people designing while prioritizing user experience. Site developers and security officers owe it to themselves and their users to reduce the cognitive load it takes for users to keep their accounts safe. The creators of the site above… it’s their fault. Even if a technically correct answer like “choose a different character” is simple and sounds like it makes sense, it’s the wrong answer because human behavior in the context of the design hasn’t been considered.
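The dash rejection described above is the kind of thing a site can catch before release by running its own password rules against generated-style passwords. The sketch below is an added example, not code from the site in question: both policies, the function names and the sample passwords are hypothetical, constructed to match the "6 characters, dash, 6 characters" shape.

```javascript
// Constructed samples in the "6 characters, dash, 6 characters" shape the post describes.
const GENERATED_SAMPLES = ["qivfuz-7nykbe-gawxop", "Rudmek-4toxba-hyjcis"];

// Hypothetical policy resembling the site's: a character allow-list that omits '-'.
const restrictivePolicy = { minLength: 8, allowed: /^[A-Za-z0-9!@#$%^&*]$/ };

// Hypothetical corrected policy: a length floor and any printable ASCII character.
const permissivePolicy = { minLength: 8, allowed: /^[\x20-\x7E]$/ };

// Check one password and report every character the policy rejects, so the
// error message can name the character instead of saying "invalid password".
function checkPassword(policy, password) {
  const rejectedChars = [
    ...new Set([...password].filter((ch) => !policy.allowed.test(ch))),
  ];
  const reasons = [];
  if (password.length < policy.minLength) {
    reasons.push(`shorter than ${policy.minLength} characters`);
  }
  if (rejectedChars.length > 0) {
    reasons.push(`contains disallowed character(s): ${rejectedChars.join(" ")}`);
  }
  return { ok: reasons.length === 0, reasons, rejectedChars };
}

// Pre-release check: run the policy against generated-style samples and return
// the ones a user relying on the browser's suggestion could not submit.
function auditPolicy(policy, samples = GENERATED_SAMPLES) {
  return samples
    .map((password) => ({ password, ...checkPassword(policy, password) }))
    .filter((result) => !result.ok);
}

console.log("restrictive policy rejects:", auditPolicy(restrictivePolicy));
console.log("permissive policy rejects:", auditPolicy(permissivePolicy));
```

A non-empty result from `auditPolicy` in a signup form's test suite is the signal that users of a browser-suggested password will be pushed toward typing their "regular" one.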

Cymatic Security

Forgive a slight tangent to plug the company some friends of mine founded.

Another way to solve this problem is to use Cymatic’s solution. Cymatic alerts users in the flow of account creation whether the password they choose is compromised. The benefit is that even if users can’t work with the default Safari capabilities, they know in the moment what the best security practice is, and what they should do to maximize their credential safety.

Read this good article about how Cymatic helps users maintain proper security hygiene; the screen grabs in this post are quite nice and I’m sure have evolved in the 9 months since.

Cymatic helps people and companies keep accounts safe and secure, in a way that shows empathy to non-technical users and helps them be more aware of the small things they can do to maximize their online safety.

In my opinion, the best part of Cymatic’s solution is how easy it is to implement. Not many things in life are easy and good. You really should have a look.


Filed Under: Security
