Usability Heuristics on Critical Systems — #3 User Control and Freedom
In the third of our Usability Heuristics series, we explore the value of control and freedom in usability for critical systems.
In the last article about Jakob Nielsen’s Heuristic and critical systems, we discussed the importance of matching systems with their real-world counterparts. In essence, the importance of speaking the user’s language.
This time, we will focus on the third heuristic: user control and freedom. Notably, we’ll cover how approaching this heuristic in the right way can also address issues with heuristic #5, error prevention.
#3 User control and freedom
Systems should allow users to undo and redo an action or task. Users often make mistakes when using a system or want to change something about the system. Having a clear ‘emergency exit’ gives a sense of control over the system — having an exit available to leave an unwanted action without the need to go through an extended process, or in some cases, to suffer the consequences of an unwanted action with no possible return.
Why is this important?
Allowing users to correct mistakes or backtrack on choices they have made increases the sense of exploration and facilitates learning. Users will feel in control, empowering them to discover new features and experiment with the system — as well as ensuring they don’t feel stuck or frustrated if they make a mistake.
How can systems achieve this?
1. Support Undo and Redo functions within the system.
2. Show a clear exit to the current interaction (e.g., Cancel button)
3. Label your exit and make it easily discoverable (like an exit sign).
Examples:
This heuristic is very clear about what needs to be done. As you can see below, in just one screenshot from Gmail, many of these features are easily identifiable:
— Back to return users to a previous page or screen (pink square)
— Undo and Redo (green square)
— Cancel Button to quit a task or multi-step process (purple and yellow squares)
— Close to close a new view (yellow square)
Gmail: a case study in user control and freedom
When you click on an email to read it, the email occupies the entire screen, but you can always go back to the list of e-mails. When writing a new message, you can undo/redo and close the new message window to quit the task. If you send an email or perform any action with a significant impact, a snackbar will appear — for a couple of seconds, you can undo the action (on the example above, hiding labels can be undone by clicking Undo).
In Gmail, it’s effortless to leave a task, go back a step and undo/redo a change. Even in the most extreme case, that is to Cancel the sending of an e-mail, you have several exit points and Undo/Redo functions which allow users to feel like they are in control. This gives users a sense of freedom — they are not punished for their mistakes, and they can always quickly correct an error they make or go back on a choice (within a specific timeframe).
Allowing users to exit or undo fosters not only a sense of freedom, but also confidence in the system. It avoids the scenario in which they become stuck and start to feel frustrated. The opposite happens — users feel like they’re in control of the system.
User control and freedom in critical systems: the Hawaii incident
On the morning of Saturday, January 13, 2018, a ballistic missile alert was issued via the Emergency Alert System and Commercial Mobile Alert System over television, radio, and cellphones in the U.S. state of Hawaii. The alert stated an incoming ballistic missile threat to Hawaii, advised residents to seek shelter, and concluded: “This is not a drill”. The message was sent at 8:07 a.m. local time. However, no civil defence outdoor warning sirens were authorised or sounded by the state.
Thirty-eight minutes later, State officials blamed a miscommunication during a drill at the Hawaii Emergency Management Agency for the first message.
In the image above, you can see an example of the interface used to send the message. The interface includes several types of emergency alerts and warnings mixed with drills for these alerts in the same list.
PACOM (CDW) — STATE ONLY was the option the operator mistakenly selected. The operator should have chosen DRILL- PACOM (CDW) — STATE ONLY, the alert drill.
Other heuristics were breached, but let’s focus on the third: user control and freedom. It’s not possible at any moment to undo a mistake. After clicking to send a message, it is impossible to undo. There isn’t even a confirmation step before the system sends the message — meaning one click was all it took to send this alert out to all smartphones in Hawaii.
The users were allowed to send a message saying the previous one was a mistake, but only after 38 minutes had passed. That happened for two reasons: the same people who can send the alert are not allowed to send anything except alerts; they needed the proper permissions to do so. What’s more, the message to correct the mistake was not already implemented into the system, having to be created and added by off-site developers.
This system is not kind to users — there is no freedom or control afforded to them. You can’t undo/redo, cancel or go back. You have a list of actions with no distinction between them besides the content. That ultimately caused a highly distressing error and made the process of correcting that mistake long and highly stressful to users, as well as recipients of the alert across Hawaii.
Final thoughts
Critical systems demand even more attention to the validation of heuristics than other systems because a mistake can impact many lives. Hawaii went into panic mode for almost 38 minutes because parts of the interface were poorly designed.
A simple undo of the message is rarely enough: confirmation of the message, a timer setting, being able to cancel and go back, redesigning the visual hierarchy, etc. are all necessary. That essentially amounts to a complete redesign of the system in question. This also applies to the bureaucratic processes behind correcting a mistake. Rethinking the system is also rethinking the processes that empower or constrain the tasks that are performed within it.
Giving users freedom and control of critical systems is more than just giving users confidence and avoiding feelings of frustration. It involves extending processes to correct mistakes within critical systems, mistakes that can impact vast quantities of lives and businesses. These mistakes could cost someone their job, their business, and sometimes even their life… and all that, as seen in the Hawaii example, at the click of a button.
Kudos to Maria Meireles for writing this article!
Usability Heuristics on Critical Systems articles
Get in touch
Designing for critical systems
uxd@criticalsoftware.com
