No-one can access my online banking
… including me
We all have irritations surrounding excessive online security. The banking secure fob thingamajig caused outright mayhem (what is that called by the way?). And I am among those who lets out a great sigh when asked to add yet more info, and challenged to memory tests, before the door opens a jar and lets me get on with the task at hand.
But for me, all that is at worst frustrating. For others however, I recently found out, that these security measures are creating barriers that are beyond a roll of the eyes, they are actually preventing some users access completely.
It’s no use making something secure if that results in a service that’s unusable.
So what’s causing the issue? Well it’s actually not the fob thingy that causes the most problems. It is in fact this login screen. The customisable first question is fine (memory permitting). But it’s the section below that causes problems.
The fact is, entering specific numbers from a password is really bloody difficult.
The only way I can do it is by counting out the letters on my fingers. Some people write the password down, with numbers under the corresponding letters. Others take a rough guess, getting scarily close to reaching the limited number of attempts.
It’s made worse when logging in on mobile, because there isn’t the space for all characters in your password to be represented by a square (field). So above you see my my password which has 10 characters, represented by 8 squares, and so the second to last square appears to be the 7th character, but is in fact the 9th… It’s as difficult to explain as it is to use.
So we’ve established that this security interface ain’t too user friendly, but for some people, those with certain degrees of dyslexia, it’s simply not usable at all.
First things first, I am not an expert on dyslexia, far from it. And my survey sample is pretty bloody small. But the research I have done would strongly suggest that this is a blocker for quite a number of users. And that’s not okay.
I messaged HSBC to ask them about this. I wondered if they considered dyslexic users in their user testing. I’m yet to hear back from them.
Dyslexia is thought to be one of the most common learning difficulties. It’s estimated that up to 1 in every 10 people in the UK has a certain degree of dyslexia.
Then I wondered how much any UX and web designers considered the needs of some dyslexic users. I confess that in the user testing I have carried out in the past, we have not tested specifically on users with Dyslexia.
The fact is I, and I’m imagining many others who are creating user interfaces for the masses, don’t know much about dyslexia. And yet according to the statistics, one tenth of most user groups that we design for are likely to have some degree of it.
So, we should all remedy that immediately right? Well the problem is that Dyslexia has so many facets, it’s actually not that easy to pin down a nice little set of considerations that will improve accessibility for all.
Did you know for example that Dyslexia goes beyond reading? It can effect a users ability to recognise patterns, numbers and generally alter the way they see information. It can mean that they approach problem solving from a radically different angle, which means their user journeys through a website, for example, may go against all our user behaviour assumptions.
So what next?
It seems to me that there is no one size fits all solution to improve usability specifically for a dyslexic user.
But what I have learnt, is that the main issues that dyslexic users have, are in most part the same as for all users. Granted they may be heightened for a dyslexic user. But the crux of the issue is the same for us all, we just want clear and easy to use interfaces. End of.
Often, security folk will insist on an approach that compromises the user experience. This is foolish, because poor usability will lead to workarounds, and workarounds in turn lead to weakened security.
In the case of HSBC. The above could not be more true. As I said, people, dyslexic or not, are writing their passwords down to enable them to use an interface thats very purpose is to make things more secure. I mean… duh!
I challenge us all to think twice about how an interface design will be received by a dyslexic user. And if there’s something in there that might be of hindrance, maybe it makes better business sense, not to mention a better user experience, to take it out.