Designers think about the fine details of stuff, so that users don’t have to worry about them.
— Adapted from The Genius of Design: Ghosts in the Machine
Creators — be it designers or business owners — build tools that make it simpler for people to do a job. Every tool has two sides: one that does the job, and another that exposes an interface to users. It is our responsibility to maintain a gap between the two so that users are not hassled by the complexities involved in the task.
At Meta Refresh 2013, I gave a talk to highlight the problem of unnecessarily exposing implementation details to users. These are the little details that are easily overlooked while worrying about the larger scheme of things, e.g. URLs, button labels, error messages, etc. Sometimes we build a solution that simply passes on the problem to users.
We’re not just fairly competent at designing systems but also extremely competent at using them. Clearly we differ from our users. This often limits our ability to recognise goof-ups. We need to constantly question the effectiveness of our decisions to ensure that our designs are meaningful for users.
We are going to be speaking at the event and we put together two short videos to introduce our talks.
Above: Souvik introduces his talk Overexposed — a call for proactively reducing the exposure of implementation details in our work. Syntax laden URLs, as an example.
Below: Prateek introduces his talk Design by Philosophy — an approach to making design decisions based on the most basic forms of ideas — philosophies.
The conference takes place on the 22nd and 23rd February at the MLR Convention Centre in Bangalore and tickets are still available.
Hope to see you there!
Aarron Walter over at MailChimp has a good assessment of the Twitter, Facebook et al., login buttons that have become common all over the web. He makes a convincing argument that these social login buttons do more harm than good. But if we take a step back, there is a more interesting story to explore in there.
From April 12 to May 12, 2012, we had 340,591 failed login attempts. That’s the total number of times someone tried to get into MailChimp to get their work done and couldn’t remember their username and/or password, or simply mistyped. Think of how much wasted time and frustration that translates to.
The reason MailChimp turned towards third-party OAuth solutions in the first place was to reduce the high number of login failures. While they’ve had some success in reducing this failure rate (attributed to better copy and improved error handling), the number of failures remains high enough to be a cause for concern. And MailChimp is hardly alone in this regard.
The traditional username + password based authentication paradigm has served us well over the years. It is almost second nature to any seasoned web user today. In fact, it is so widespread that you need not be an expert to realise the terrible experience or flimsy security it provides.
Of the people who struggled logging in, 68,145 had to resort to resetting their password, and 38,137 had to get a reminder about their username.
The problems are familiar: the need to come up with memorable credentials, to make passwords cryptic, to keep them confidential at all times, to not see what you’re typing, and to remember the correct combination of the different services, usernames and passwords (and at times password recovery answers) you’ve created; easily stolen identities; increasing susceptibility to brute force attacks; and above all the general inconvenience of getting to your data.
None of this is a revelation. Designers and engineers have long been aware of this less-than-stellar situation and various efforts to address the same have been made over the years. Incremental usability improvements like not asking people to re-type passwords during sign-up, letting people see what they type, using email addresses for usernames etc. have definitely helped. As have efforts to fundamentally replace the username + password auth system, such as OpenID, OAuth and the like.
Unfortunately, none of the replacements have been as successful as the system they were trying to replace. Yet the need for a replacement is more dire than ever. More people are using the web and putting their information online than ever before and our existing authentication process is intrusive, inconvenient, and not entirely secure. There are encouraging developments like Mozilla’s Persona (née BrowserID) and the push for ‘no passwords’, but it is early days still and the ground is very much open for a sweeping change.
This post was meant to be published last October but had been sitting in our drafts. Here it is, one year on…
We like to think of the incredible outpour of tributes as a celebration of Steve Jobs’ life instead of mourning at his passing. A celebration of good design, of sweating the details, of running a business on the basis of great work and of having the cheek to think you can actually change the world.