UX Design For IoT: The UX Of Security 3/3

Don Norman, was the first User Experience architect that Apple hired in 1993. Today, he is considered the father of User Experience (UX) design. Standing out for having a good UI and UX is crucial for companies, not only for Apple, both at the marketing and at the consumer levels.

In previous articles UX design for IoT: Designing experiences or UX design for IoT: Interface Design, we have already spoken about the importance of UX or the different interactions with the devices that exist in the world of the Internet of Things. However, there is another critical factor that is not given adequate attention: security.

Sometimes security and usability are in struggle. Security measures often make it more difficult to do certain tasks. Even if security is not the user’s main goal, it is necessary to take care of it.

Users are (or rather WE are) reluctant to comply with security measures that prevent them from enjoying an optimal browsing experience. Security tools and software should be simple, not restrictive, and one of its biggest challenges is getting people to use it correctly. The more complex is the security, the more likely it is that the user will use it incorrectly.

Sinning a very sophisticated security makes it confusing and thus ends up being more insecure because of misuse.

If you think that securing our computers at the user level is complicated, ensuring IoT is even more challenging. Integrated devices will be more vulnerable. Imagine the tedious task of authenticating yourself in an intelligent thermostat whenever you want to change the temperature… In IoT, the networks of devices and web servers must be able to act on behalf of the user without having to be authenticated each time.

Security and UX should go hand in hand.

Building devices with robust security models may not be reflected in the UX of the device, but there are different aspects of security that have a direct impact on the design.

• Limits the damage — It is possible that at some point, the security may be violated, so we must try to minimize the damage that may occur. Limiting the devices to a very specific set of functionalities will help to prevent them from being used in involuntary actions. For example, entering the entertainment system of a car should not be an access door to step into other systems such as navigation or brakes.
• Keep the devices safe — The software must be updated with the minimum possible user intervention. In the same way, it is important to check the physical security of the devices by designing product housings to avoid manipulations or make them appear when the devices have been manipulated.
• Make authentication easier — It is obvious that the user has to authenticate himself to access a device, but imagine that you had to authenticate yourself in each of the devices connected to a network. To work together, they need to know what others they can trust, they must find the easiest way to validate each one’s identity and communicate with each other safely.
• Permission control — Users must control how much their devices can do or what they can share. Permission control can mean that devices and services have only partial access to functions in other devices or services. But users do not want to have many configuration options every time they add a device to their network. A combination of transparency and effort is needed.

• Make visible the invisible — Many of the devices we use do not have an interface so they can not always tell us when they have been compromised. You need ways to make these invisible threats visible.
• The security measures have to be in accordance with the needs — It is useless to demand something that they will not be able to do.
• Privacy — Privacy is a problem of data in the network. Often security and privacy intertwine even if they are not the same . A security breach can result in a loss of privacy. Collecting only the personal data strictly necessary to deliver a service is a very important step to protect privacy. You must choose the options that make the data flow more manageable. In some parts of the world, privacy legislation affects what is possible or not to do.
• Data collection and distribution — To provide good service in a connected product, some information will be needed. The more we want the users’ behavior to interfere with the product the more information we would need about him. As the products become more complicated, they manage more information about the person’s profile, which brings both responsibilities and opportunities.

The lack of security in IoT puts at risk from individuals to physical systems or entire governments. So far it has not been a priority, rather it has been a last minute idea or measure taken after part of the system has been violated.

In 2009, the worm known as Stuxnet took control of 1,000 machines at an Iranian nuclear enrichment facility and instructed them to self-destruct. It was the first time a cyber attack managed to damage the infrastructure of the “real world”.

If you are a company, you must make security a priority for your products and maintain continuous support to solve all the problems that may arise on a day to day basis. If you are a consumer, you must make sure that the connected devices you buy are not vulnerable and take the necessary measures to keep them safe.

Responsible IoT Design — https://www.oreilly.com/ideas/responsible-iot-design

………………………………

Article written by Ana Rosa González, User Experience Manager at Barbara IoT.

If you like this post and want to receive similar content subscribe to our Newsletter.