Pattern 72: Security and encryption
AKA:


View sensitizing image - Verisign

You understand WYSIWYCU (70) but do not want the wrong users using the wrong things.

The problem is that of security. Users must only be able to do the things that the law or your policy permits. Sensitive data must be protected and often encrypted when in transit.

Therefore

Take security seriously, but take care not to frighten users with unnecessary warnings.

This pattern conceals a massively complex subject that may need a pattern language in its own right. Since we are only concerned with security issues that impact upon usability, we can safely halt the discussion here. However, make sure you do not go too far and indulge in PARANOID SECURITY (74).


Discussion - forces - known uses

Security is not a usability issue, but the way it is presented is. Use secure, verifiable sites for transactions that require security. Tell users when they enter and leave these areas, but do not frighten them unnecessarily with messages about the dangers of the internet.

If you can see a feature, you want to be able to use it. Being locked out can be annoying. This means that one should avoid displaying things that are not usable. If security really means that some users will be locked out of features, then tell them why – and make sure it's a good reason.

Cookies are a useful way to make visiting sites that require registration a more user-friendly experience. However, some users are wary of cookies because they can be abused. This is not because they give access to information on your computer but because they can reveal your surfing behaviour. Veen (2001) gives the example of advertising service provider Doubleclick, which can track people’s visits to sites that use their service and build a profile. This definitely seems like an invasion of privacy. Some users, however, are tolerant of this.

You should also provide a way for the user to verify the identity of a secure site. Use a padlock icon as a link to the display of your verification service’s credentials.
