UX & Security, Part 2: Account Registration

In my previous article, I discussed the outstanding user experience Universal Studios provides to its customers while maintaining an extremely secure, well-monitored amusement park. It was literally a use case on how to integrate security into an overall satisfying customer experience. There is no reason why this should not be applicable to the virtual world as well.   So today, I’m going to discuss one of the most critical user experience issues in security, and how it can be improved: Account Registration. Account Registration is an extremely critical activity on many websites. In most cases, it has a direct impact on a company’s conversion metric and given this, such an activity needs to be frictionless. But, this is rarely the case.   To make things as easy and user-friendly  as possible, we need to focus on improving the following areas: Unique Usernames We are often asked to provide a unique username for a new account.  This process needs to be as smooth as possible.  However, companies often place a ridiculous amount of restrictions on what the user names can be:

• Between 6 and 12 characters
• An upper case letter
• A lowercase letter
• A number

This does not help the user chose a username that they are likely to remember. Quite the opposite, as a matter of fact!  It forces them to create weird usernames that are often not in natural language, mean nothing to them personally and aren’t even close to anything they might be using elsewhere.   That means they constantly click the “Forgot Username” link when they log in, or that they don’t log in at all. The sad fact is, most users already have an email address, which, in itself, is unique. So why place these ridiculous restrictions on users?  Allow them to enter a unique username or email address to create their account. Or, an even better experience, allow them to log in with their Facebook, Twitter, or Google login credentials.  This practice has become common enough, that in today’s day and age, people expect that option. Password Restrictions The most frustrating thing that can happen when a user tries to create a password is to receive a vague message that the password entered isn’t good enough.  Something like “Invalid Password!”, or “Not a strong enough password”.  If the user isn’t informed on exactly what is wrong, how can they correct the issue?  And, if a password for their account can’t be created, then they can’t complete the registration process- again, a loss for their conversion metric. So it’s always a good practice to tell your users the rules and regulations for creating a password.  Minimum length, what character combinations are required, what characters are not allowed, and the maximum length if one exists.  Even better, inform the user of the criteria they are meeting as they type, so they know when the criteria have been met. reCAPTCHA Most of you know reCAPTCHA is the tool provided by Google to detect if users are a malicious bot or a real person. Most probably, the reason you remember reCAPTCHA is that the original version was painful.  Your users would have to look at grainy photos of warped letters and numbers, trying to depict what they said, so they could complete your form.  Although improvements have been made to this technology to make things more user-friendly, it can still be pretty annoying and frustrating. Try to avoid using this technology, and other similar technologies as well.   There’s no doubt in my mind, that as an industry, we need to find better solutions to these problems. We can create tools that measure the speed at which we type.  We can implant hidden fields to trap bots. There are probably many innovative solutions out there that can be explored. The only thing required is to focus on user experience and make that investment. Addressing these three issues is not going to completely alter our user experience to the level seen at Universal Studios. However, it’s a significant step in the right direction.  Too often we let these little things slip by because “if it’s security, it’s not going to be a great experience”, but trying to improve and change our mentality about security can yield several important benefits.