The Impossible Balance Between Usability & Security
This was a talk I gave at ETH Denver 2019. It has been modified a bit for this written, rather than spoken, format. If you would prefer to watch the talk, you can watch it by clicking here and then skipping to 5:31.💖
Today we are going to talk about balancing usability with security. Especially in this space — it is so hard and it is so important that we get this right.
Cryptocurrency is just simply different. We focus a lot on the user experience and design, but as we do so we must be careful. The most usable product is rarely the most secure product. We have to keep in mind that it is our job as product creators to keep our users safe and secure, even if we aren’t taking custody of their assets.
The above is one of my favorite quotes ever and it comes from Jameson Lopp. I love it because it really emphasizes that security and usability are a spectrum. This example is on the very edge of the security spectrum. This is literally as secure as you can get, but it is also as unusable as it gets: neither you nor anyone else can access or use your crypto.
On the other end of the spectrum would be a world where literally everyone has your private key and anyone can send that money around without even thinking about it. Unfortunately, that is about as insecure as it gets and would result in your funds being stolen instantly.
When we are building in this space we need to strive to find the perfect balance between the two. We want people to be able to access and use and send their crypto, but do so in a way where their funds aren’t lost or stolen.
So, let’s back up a little bit and understand what people are expecting when they enter this space.
People are used to logging in with a username and a password. Almost every service on the planet uses this authentication mechanism—whether it’s their Google accounts, Facebook accounts, bank accounts, etc.
Additionally, they are used to being able to recover their account if they forget their password or username or email address or anything. In the traditional world you can pretty much forget anything and still be able to access your account via one mechanism or another.
People are also expecting some external party to fix things when they go wrong. Whether that is calling a customer support agent or opening a support ticket or walking into their bank, they are expecting someone to step in and save the day when things go wrong.
One thing that is really common in the financial industry is automatically protecting users without any action necessary on their part. Banks will email you or text you when there is a suspicious charge. They will block the transaction until you approve. And if a charge does sneak through, or you lose your card, the bank will reverse any fraudulent transactions and get you a new card.
Each time this happens, we build up expectations that there is always someone watching over us and preventing us from being harmed or losing money. And it’s especially important to note that it’s becoming more and more common for these things to happen preemptively, without any action necessary on our part.
Obviously when we are dealing with cryptocurrency, none of these things occur. There are no chargebacks or reversing transactions when they are sent.
Lastly, people are not used to the concept of “forever” or the concept of “permanence.” We live in a world where everything can be undone or edited or deleted.
When you write something to the blockchain, not only can you not undo it or reverse it, but it lives there forever.
We have seen this with Peepeth, which is a micro-blogging alternative to Twitter that is decentralized and on the blockchain. When people are confronted with the concept that this tweet — or “peep” — is going to be stored on the blockchain forever, they become hesitant.
Whether you are building a dapp that deals with information, user data, or financial transactions, these concepts are very foreign and contribute to a fairly scary user experience.
So why is this decentralized, Web3 world so different?
First, all of the dapps we are building are putting users in full control. They have control over their finances and they have control over their data. In fact, this is one of the biggest “values” of blockchain technologies. There is value in removing the control and power from centralized banks and centralized governments. It is empowering for individuals and marginalized communities to be in control of their own data and money.
Unfortunately, the end result of this control is not always valuable, especially when individuals are suddenly solely responsible for assets that have real monetary value and don’t come with undo buttons, password resets, refunds, or a third party that can come in and save the day when something goes terribly wrong.
In this industry, we love to talk about “being your own bank.” For most people reading this, this is an empowering and exciting concept.
But what “being your own bank” doesn’t mention is the fact that you are also now your own security force. You are also your own risk manager. You are essentially every single department in that bank. It’s not as simple as, “I’m going to hold my own money and no one can stop me.” It also means you have to secure that money, ensure you don’t make mistakes when you send that money, and make responsible decisions on how you manage and store that money.
What must we keep in mind as we build this decentralized future?
And when I say “build,” I don’t just mean the coders. I mean everyone who has a hand in building products or contributing to this ecosystem. These are the marketers and the operations people and the decision makers and the product leads. Even if you are simply a user of these products or just really interested in how this space evolves, you have the power to contribute your thoughts and your ideas to the future. You have the ability to question and push product makers to build the best products.
First, recognize that people are expecting the same experience they currently have. Whatever experience they have on a day-to-day basis with their Uber app or Airbnb app or banking website—they expect that.
If your experience is different—which it is—then you must adjust your users’ expectations or deal with the consequences.
Cryptocurrency is especially unique because stealing a single string of characters (your private key) and gaining access to your account has really quick and direct ROI for these attackers. If they can gain access to your account, they can grab your money and send it, mix it up, and cash it out for fiat currency or products very easily and anonymously.
This is not a hacker stealing a pile of credit card numbers that they have to sell quickly for cents on the dollar because most will be shut down before that money can be spent.
One dollar stolen is one dollar of profit when it comes to cryptocurrencies. It doesn’t matter if you are a huge exchange that holds customers’ funds, a service that only holds encrypted private keys, or an individual storing your own seed phrase in Dropbox: the attackers will do literally anything to get access to this money.
The user experience is the entire experience that people have as they interact with your product and ultimately the blockchain. The user experience is not just pretty buttons, glorious illustrations, and perfect color palettes.
As we build products with the best possible user experience, we have to keep in mind that the worst user experience is when people lose their money. It doesn’t matter if it is lost because of user error, accident, fraud, or outright theft: your user experience sucks when people lose their money.
How do we find this perfect balance between usability and security? How can we ensure we don’t go too far on the security side of things or the usability side of things?
There is no one-size-fits-all solution. We need a wide variety of solutions that target different demographics and approach the problem differently. It is only this diversity in products and healthy competition that will result in a perfect solution for every individual who wishes to interact with the blockchain.
Every single person has different expectations and different needs. They also have different technical abilities, different desires, different demands, and hold different amounts of money.
We need the fiat on-ramps and custodial solutions. We need the funds that literally manage other people’s money. We need the completely decentralized, non-custodial solutions, like MyCrypto. Together these solutions complete the ecosystem and allow the masses—all the masses—to get in and experience the blockchain.
We should also keep in mind that most people don’t start 100% decentralized. People can ease their way in and work from a centralized, custodial solution to a non-custodial solution as they become more and more familiar with this ecosystem.
And as you are building your product for your target demographic, always keep in mind that people will use your application in unexpected ways. They will do what you are least prepared for. They will find more and more creative ways of screwing up.
Even as you build for your target audience, it may turn out that your target audience isn’t the one actually using your product. It may be a completely different demographic.
As we’ve discussed, building products in this ecosystem is hard. This ecosystem is fundamentally different in a number of ways and it is always a struggle to adjust user expectations to account for these differences.
As you are just starting out and you have an idea for a product or application, make sure you are sharing your idea. Share it with everyone. Talk about it constantly. Stop hiding behind NDAs. Stop pretending that your idea is so magical that everyone is going to steal it. Get those notions out of your head and share your idea.
As you share, listen to how people respond. Note the questions that they have. Listen to their responses. Don’t push their comments away and write them off as, “Oh, they just don’t get it.”
If the people you are talking to don’t “get it,” no one is going to “get it.”
This goes hand-in-hand with one of my most important points: DO NOT BUILD IN A SILO!
Do not sit alone in a room with your tiny team having a lovely little circlejerk where you validate each other’s “brilliance.” Stop hiding in “stealth” mode.
If you do not share your idea and share your product, you have no idea how people are actually going to use your product and what problems they have with it. You have no idea what you are missing on the usability side, the security side, or any side. You will never know what unexpected things people do on your application because you have no one actually using it.
If you don’t ship early then you will only succeed in building a perfect, polished product that doesn’t actually serve anyone. You will never know if you are addressing the needs of the market or the needs of your users. More than likely, you will spend far too much time building something that no one actually needs and you will have to go back to the drawing board once you learn this.
Once you ship, talk to your freaking users. Talk to them every single day. When I first started in this space, I talked to the people using my product every single day. I lived in the support inbox. I knew exactly what they were struggling with and what they didn’t understand.
I understood and felt their pain when they lost money or made a mistake. I understood and felt their fear and intimidation when they were new and trying desperately to understand this space.
And, I understood and felt their excitement and joy when they did something successfully. It is the best feeling in the world when you hear from someone that they finally figured it out because of your product. It’s immensely satisfying to adjust your product or your error messages based on what people are actively struggling with and prevent it from happening again.
If you are not living in that support inbox and talking to your users, you have no idea what is actually going on. You are living in a very tiny little delusional box that you built for yourself.
As you are talking to your users and learning how they are actually using your product and seeing if they understand all these crazy concepts you are throwing at them, you have to react fast.
When you see a number of users struggling with the same thing, you must adapt. You cannot ignore the problem as “they are dumb” or “they shouldn’t be using my product in the first place.”
Instead, ask yourself:
- How can I improve my product?
- What can I do to prevent this happening with future users?
- What can I do to ensure that people take the correct actions?
- Is there something wrong with our messaging?
- Do we need more education?
- Do we need to change the user flow?
One thing I’ve learned while building MyCrypto is that if we do not literally force users down the correct path, they will not go down that path on their own.
We love to spend time and money on design. It feels so fruitful. Good design is immediately tangible and visible. It’s easy to allocate a budget to design.
Security however is about preventing bad things from happening and preventing the unknown from occurring. Good security is simply the absence of bad things happening. It’s far less tangible.
I’ve heard some variation of this statement a few times now and it’s a scary way of thinking because it vastly overvalues design and vastly undervalues security.
Essentially, people have a tendency to think that without good design they won’t have users and therefore allocating resources to security doesn’t matter because…they won’t have users.
On the flip side of this argument is: if you do create this amazing product but your users end up losing all their money because your product is so insecure, is the experience you are providing still good? Is the design actually good? Is your product actually good?
You must spend equal parts on security and usability and strive to find the balance for your product. Just like you have dedicated designers, you should have people dedicated to security. You should have outside security experts who really understand the flaws in your product and where people are being unsafe.
The balance is hard. Finding this balance is magic. And you are the magician. It is now your job to find this balance and create the perfect product for your users. It’s not easy, but it’s why we are all here.
I want to remind people that experimentation, especially in environments like hackathons and ETHDenver, is really, really valuable. I often see people get hung up on both the UX side of their product… and the security side of their product.
Sometimes it can be intimidating. You may feel like you can’t even pursue an idea or play with an idea or see if you can bring an idea to fruition because you become obsessed with having the perfect design or the perfect security.
Everyone has to start somewhere. No product is perfectly secure nor is every product perfectly usable, especially at the beginning. Don’t get too hung up on the huge, long-term picture.
Start small and take iterative steps to improve your product every single day. You will never learn as much as you learn once you start building for actual people and responding directly to their needs.
Talk to people. Build for them. Talk to more people. React and adapt to their needs.
But, most of all, work hard to save people from themselves.
At the end of the day, this entire decentralized world we are currently building is about people. It’s not the technology. It’s not the algorithms. It’s not the fancy cryptography.
The things we build and the interactions we have are all about people. It’s about connecting people and making their lives easier and better. It’s about empowering people to do things they otherwise couldn’t. It’s about building a better world for ourselves and everyone around us and everyone around the globe.
The people who are building these products and those that will end up changing the world don’t always set out to do so. You don’t have to have some grand vision. You just have to start somewhere—start small—and attempt to make one little thing better or easier for people around you.
You have no idea the effect you can have on the world around you unless you just start building.
And building is not limited to technical people. It’s not limited to “blockchain experts.” This space needs everyone. We need people from all backgrounds and with all sorts of experiences. We need the people building these products to reflect the people using these products. If we want to collectively change the entire world, we need to touch everyone. And we cannot touch everyone if the builders are only from one location or only have one set of experiences.
Think about what skills and experiences you have that could make this ecosystem stronger. What do you see that no one else sees? What do you have that no one else has? What do you want this world to look like tomorrow? How can you shape that world?
If you want to help MyCrypto shape this decentralized ecosystem, email me at email@example.com. We are always looking for amazing and talented and passionate people who can contribute their technical and non-technical skills.
And with that, I’ll let you get back to debating on crypto-twitter, attempting to call the bottom on /r/ethtrader, or, perhaps, using this information to slightly improve whatever you are building. Because, without truly usable and secure products, we will never see the top again and we will eventually run out of things to debate.
Work together, share your knowledge, share the love, and create amazing things that ensure people have a positive, successful, and confident crypto experience. Thank you.