Are Security Questions a Joke? Or is the way the Systems are Designed the Real Joke?

August 9, 2012
Security questions (Photo credit: janetmck)

I read a great article the other day on the threat posed by the use of password security questions as a computer security issue.

I too have been quite amused by the poorly designed questions which purport to help you if you forget your login information for a site.  Frank Voisin suggests a few ideas to make them more applicable.

However, the second item jarred with me – Applicable: the question should be possible to answer for as large a portion of users as possible (ideally, universal).

Why?

I would have thought that the primary (and only) function was to have something which was individual to the person involved.

Now I’m only a human factors scientist, but my training suggests that we ask the individual to design their own questions.  Sure, give them some advice and make the process as intuitive as possible, but give them the ability to make it as individual as they like – surely that’s the whole point!  After all, this information is only kept in a secure database to be accessed as needs permit.

Is it more that the systems designer was trying to make his or her job easier?  Sort of fitting the human to the system rather than designing it to the individual’s explicit needs?  Did this save them a few lines of code?

Obviously some human science input into this area is sorely needed.  This raises the question of whether someone who is a computer scientist first and has cross-trained into the human interface is the best person for this role, or someone with a psychology or social science background.
My suggestion is that in this case, you really need some cross-disciplinary interaction to arrive at an optimal solution.

Was Steve Jobs the Commercial Messiah?

August 9, 2012

I recently viewed a Simon Sinek presentation on TED:

He used Apple as an example of a business which uses the why or underlying belief system as its primary corporate message which then leads into the how and what they do.

This brings to mind an article reflecting on the Steve Jobs legacy that I read after he passed away.  Steve insisted that the design of a product be the key factor.  This then informed the subsequent engineering process and marketing.  As Sinek notes, he did the opposite of what other technology companies typically do.

In doing so he not only made Apple a premier company but also made it a leader in its field.  If imitation is the sincerest form of flattery, the design of competing mobile phones, entertainment devices and tablets signals that Apple’s business method is the one to follow.

How does all this relate to Human Factors Science and Human Science generally?

I believe that we provide the why based on our knowledge of the end user – the human.  Unfortunately, all too often the technical and marketing areas dictate what is produced without any input or thought of the human interface, reflecting some of Sinek’s assertions.  If the end user does not find the product intuitive or empowering to their human experience (informed by our scientific approach to this aspect) the product will probably fail as a commercial success.

So really the challenge is not a real challenge at all.  Get professionals to handle matters at each stage of the process.  However, start with the Human Factors Scientists to provide the why, then let the engineers and technicians loose to produce what they’re good at, the how and what.