Why Your Security Policy Shouldn't Make Life Hard for Your Users
When creating any kind of online service that requires users to log in, one of the things you are going to need is a security policy. You may choose to use third party add-ons or other software to manage this, or build it into your own site or app, but configuring it will mean that you need to decide on how you will verify that users are who they say they are, and this means you'll need a policy.
Why Overzealous Security is a Turn Off for Users
There are plenty of examples of where security can be overzealous and actually stop people wanting to use your service. Have you ever, for example, felt like leaving a comment on a blog post, only to see how much information you have to provide to do so and give up? Would you want people to give up on engaging with your service for something that simple? The security in place for existing users that makes them jump through too many hoops can also give them a negative impression of a business. As an example, Outlook, Microsoft's online email service, sometimes locks users out of their accounts due to 'unusual activity', and only provides one option (SMS) for them to reactivate it. This is not enough flexibility.
Mobile phones can often have a similar problem, locking you out for accidental failed unlock attempts and meaning you have to call your provider or use a service likeunlockingsmart.co.uk – either of which, while simple enough to do, is a hassle you could do without. You may need to provide ways for users to deal with 'locked out' situations, of course, but making sure they only happen when they actually should, and making getting back into the service easy, will help stop people abandoning your service.
Another thing many people don't think about is the true usability of their log in or registration process. Have you, for example, made fields on the registration form mandatory that don't really need to be? Do you really need a phone number when you do almost all of your communications by email? If not, make it optional - then you may just keep that user who doesn't know their number off by heart and can't be bothered to look it up just to register for your site. Have you got things hard coded into your forms or validation that can make it unnecessarily difficult to register for people in some scenarios (for instance, do you validate for UK format postcodes, even though there is no reason why someone who lives in France shouldn't be using your service?).
Take Your Policy Seriously
Remember at all times in the design process that the policy is there to protect data and users while causing as little interference as possible. Don't ask for more information than you need to just on the off chance you may use it for some future marketing effort – having less customers abandoning registration is far more important. Don't put validation on forms that is stricter than it needs to be. And don't ever use a Captcha that doesn't allow the user to refresh it without deleting everything they just filled out on the form if they can't read it – that should be one of the seven deadly sins of the internet!
A good security policy should lead to a streamlined, non invasive experience for the user – remember that above everything else when you design yours!
Free Website Templates » Free Web Design Resources » Why Your Security Policy Shouldn't Make Life Hard for Your Users
If You Would Like To Submit Your Own Free Theme Template Design, We Encourage You To Register and Get An Account on Template4all.com
Share Some Love