Menu

Security, passwords, and the messiness of everyday experiences

I enjoyed On Culture and Interaction Design, an interview with anthropologist Genevieve Bell. In one section she discusses how we often design systems based on a cultural ideal, but in practice it ends up solving the wrong problem. She uses the example of security:

We design systems to keep systems safe and people write their passwords on bits of paper stuck to their systems. So, is it that people don’t care about security or is that the security we are designing is securing the wrong things? Or, are they just securing them in the wrong ways? Clearly we know that people care about the security of their homes, their possessions, their digital selves, but they adopt a range of patterns for doing it that are incredibly messy, complicated, and contradictory.

Passwords ensure that unauthorized people don’t get access to a system. But the mere fact that tools like 1Password exist to remove the need to remember passwords should tell us that we’re doing it wrong. Current password systems solve the problem from the wrong perspective: the system, not the user.

The problem runs even deeper. We’re not only solving the problem from the wrong perspective, we’re also introducing unnecessary complexity because of the way these systems are implemented. From a great post on the AgileBits blog:

Security systems (well, the good ones anyway) are designed by people who fully understand the reasons behind the rules. The problem is that they try to design things for people like themselves””people who thoroughly understand the reasons. Thus we are left with products that only work well for people who have a deep understanding of the system and its components.

This is why people have weak passwords and write them down on pieces of paper everywhere. It’s why the experience is complex and messy, and why we have to spend so much time building “Forgot password” flows when we could be spending that time making the core experience of our products better.

So what’s the alternative? I have a huge appreciation for the role that anthropology can play in the design of products and experiences – which is what Genevieve advocates in her interview as well. Ethnography (often called Contextual Inquiry in the user-centered design world) is the single best way to uncover unmet needs and make sure we are solving the right problems for our users.

In Ethnography in Industry, Victoria Bellotti defines ethnography as “a holistic, in-person, and qualitative approach to the study of human behavior and interaction in natural settings.” By using this method to understand the culture and real needs of personal security, we should be able to design a user-centered solution to protecting digital information. One that isn’t stuck in the downward spiral of designer myopia we often encounter in proposed solutions to complex problems.

Security is an impossible industry to reinvent, you say? Maybe. But the problem does remind me of something Matt Legend Gemmell says about innovation in his excellent post Copycats:

The lesson of the technology industry in the past five years is that really successful products dare to NOT copy. They’re pure, in that they’re actually designed from first principles – they’re based on the problem and the constraints, without being viewed through the lens of someon’s existing attempt. You know, the kind of thing you actually wanted to work on when you got your degree and were still unsullied by the lazy, corporate machine.

So who wants to take a crack at it?

No more unedited first drafts

Mandy Brown in Babies and the Bathwater, a great article for the first edition of Contents Magazine:

Something about the nature of digital content seems to give us permission to slack off editorially. Digital formats are routinely marked by slapdash editing and nonexistent proofreading””a sign of how little anyone cares. Many online publications rearrange content based on the needs of machines rather than people. As the web forces us to speed up our publishing process, editing is often the first thing to be thrown out.

This is one of my pet peeves as well. Publishing is cheap, but that doesn’t mean we don’t have to do it right. I like how Merlin Mann puts it in Better:

What worries me are the consequences of a diet comprised mostly of fake-connectedness, makebelieve insight, and unedited first drafts of everything.

Words continue to matter more and more. Let’s not forget to edit them.

Conditioning and the addictive nature of social media feeds

When presenting someone with a stimulus results in some kind of reflexive behavior we call it classical conditioning. The most famous example of this is Ivan Pavlov’s experiment where dogs started salivating whenever they heard a bell that indicated that food was on the way.

Compare that to operant conditioning, which happens when someone deliberately alters their behavior because of a stimulus they receive as a result of that behavior. We all know about positive reinforcement[1] – that’s one of the ways to affect operant conditioning in someone. The classic example here is the experiment where rats can be taught to press a lever to get sugar solution delivered down their feeding tubes.

In Unpredictable Rewards, Kevin Purdy applies the theory of operant conditioning to activity streams on Twitter and Facebook. He explains why some people[2] can’t stop looking at their feeds:

Eyal Ophir, primary researcher at the Stanford Multitasking study, believes ticker-style updates are effective in a way familiar to researchers of operant conditioning.

“Unpredictable rewards keep us guessing, so we’ll keep checking long after we’re no longer getting rewarded, because ‘you never know,'” Ophir wrote in an email. “So if there’s one or two exciting tweets, or a rewarding social experience in the Facebook Ticker, and we can never tell when something like that will come again, that’s going to be a good motivator for us to just keep checking. And that’s going to drive up the perceived value of interrupting whatever we’re doing (work, family, etc.) to go and check.”

It’s scary to think about our social media activities in this way, especially if you keep going down the path of operant conditioning. One of the key predictive factors is deprivation: “the effectiveness of a consequence will increase as the individual becomes deprived of that stimulus”. So, the less frequently you see something valuable in your stream, the more motivated you become to keep checking until you find that one valuable piece of information.

It might be time for us to step back and accurately assess the size of the benefit: “If the size, or amount, of the consequence is large enough to be worth the effort, the consequence will be more effective upon the behavior.” How valuable is the number of likes on that one status really? And is it worth checking our phones every 5 minutes in the hope of seeing a change?

 


  1. When a behavior (response) is followed by a stimulus that is appetitive or rewarding, increasing the frequency of that behavior (via Wikipedia) ↩
  2. I’m going to say “some people”, not “I” or “we”. I like living in denial like that. ↩

Please let this not be the future of reading on the web

In The Pummeling Pages, Brent Simmons sums up the experience of reading on the web, which is something I’ve become increasingly frustrated with as well:

I was there because I just wanted to read something. Words. Black text on a white background, more-or-less. And what I saw “” at a professional publication, a site with the purpose of giving people something good to read “” was just about the farthest thing from readable.

The site has good writing. But the pages do everything possible to convince people not to try. “Don’t bother,” the pages say. “It’s hopeless. Oh “” and good luck not having a seizure!”

I see the sentiment echoed everywhere, including tweets like this one by Alpesh Shah:

alpesh.jpg

 

Just to be clear about what we’re talking about, here are a few examples that illustrate why there is such a growing frustration with reading on the web.
(more…)

Celebrating the “Deus Ex Machina” moments in software development

I’ve written about Dhanji R. Prasanna excellent post on Google Wave and working at big companies before, but I wanted to come back to something he said that I just can’t get out of my head. In one section he talks about a topic I care about very much – what motivates people to do great work. I really like his perspective on the importance of incremental progress:

[As] a programmer you must have a series of wins, every single day. It is the Deus Ex Machina of hacker success. It is what makes you eager for the next feature, and the next after that. And a large team is poison to small wins. The nature of large teams is such that even when you do have wins, they come after long, tiresome and disproportionately many hurdles. And this takes all the wind out of them. Often when I shipped a feature it felt more like relief than euphoria.

I like the analogy of these small wins as Deus Ex Machina:

[It means] “God out of the machine”; a seemingly inextricable problem is suddenly and abruptly solved with the contrived and unexpected intervention of some new event, character, ability, or object.

It’s so important for large teams to celebrate those wins with the people they work with every day – and to call out the “characters” responsible for accomplishing Deus Ex Machina. It is hard to get that right in large organizations because the invisibility of individual team members and the pressures to move on to The Next Thing aren’t naturally conducive to this type of behavior. But it’s possible if you work at it.

Whether you keep some champagne in a fridge, send out company-wide emails thanking people personally, or ring a bell every time code gets deployed (ok, that last one is lame, sorry), being in a large organization isn’t an excuse for acting like a faceless corporation.

We might as well make beautiful things

This is one of my favorite stories in the Steve Jobs biography:

The result was that the Macintosh team came to share Jobs’s passion for making a great product, not just a profitable one. “Jobs thought of himself as an artist, and he encouraged the design team to think of ourselves that way too,” said Hertzfeld. “The goal was never to beat the competition, or to make a lot of money. It was to do the greatest thing possible, or even a little greater.”

He once took the team to see an exhibit of Tiffany glass at the Metropolitan Museum in Manhattan because he believed they could learn from Louis Tiffany’s example of creating great art that could be mass-produced. Recalled Bud Tribble, “We said to ourselves, ‘Hey, if we’re going to make things in our lives, we might as well make them beautiful.'”

See also The difference between Apple and Microsoft: product before profit.

The fallacy of rewarding activity more than accomplishment

John D. Cook writes some scary true words in Productivity and negative space:

People who fracture their time putting out fires seem more productive, or at least more responsive, than the people who block out time to think. It’s harder to notice someone not being frantic. Thinkers don’t fare well in environments that reward activity more than accomplishment.

This is such a huge problem in big corporations today. People who are running from meeting to meeting are perceived to be more productive than those who sit at their desks working all day[1]. And the problem is worse for programmers – very few managers understand what they do, so it’s hard for them to stomach days and days of solid coding without seeing something “tangible” (in their view).

It all comes back the difference between Makers and Managers, and how the Makers should be evaluated on completely different criteria than the Managers. Criteria that reward the quality of what they make, not the number of status updates they give.

(link via Graham Poulter)

 


  1. I’m not saying that people who have a lot of meetings are necessarily less productive, just that those who are not in meetings are “out of sight, out of mind”, and therefore not seen as particularly productive.  â†©

Copying taste without understanding design

Rob Beschizza in What the Vaio Z says about Sony’s little design problem, a brilliant article on the difference between taste and design:

Apple competitors are obsessed with copying Apple’s tastes without copying its central design habit, which is solving a problem and then refining the solution until the problem changes.

This is also what makes the HP Envy such a bizarre rip-off of the Macbook Pro. It all reminds me of that scene in Armageddon where the Bruce Willis character blows up at the contractors who tried to build an oil drill he designed:

Let me get this straight. You had me pulled off my oil rig, flown half way around the world, you stole my drill design, couldn’t read the plans right, and did a piss poor job of putting it together!

I can image hearing those same words coming out of Steve Jobs’s mouth if he could see the Sony Vaio Z and the HP Envy.

More

  1. 1
  2. ...
  3. 176
  4. 177
  5. 178
  6. 179
  7. 180
  8. ...
  9. 192