DoD myPay website: Security vs. Usability
Posted by jasonwong in bad design, clutter on July 12th, 2009
myPay (https://mypay.dfas.mil/mypay.aspx) is a service of the Defense Finance and Accounting Service. This service is relevant to civilians because they can log in and view their pay stubs. Security is important, and the Account Access section is built for security. From the website:
To better protect your myPay PIN, DFAS has installed a VIRTUAL KEYBOARD for you to enter your myPay PIN. This keyboard reduces threats from malicious software (e.g. spyware, keyloggers, etc.). The virtual keyboard displays the keys in random order and requires you to click on the appropriate key with your mouse. To learn more about this feature, see our Security FAQs.
And here is what the Account Access component looks like:

So, since this blog focuses on human factors, let’s look at the usability of this system. First off, the virtual keyboard for the PIN is a giant pain in the butt. Having to visually search through a row of ten numbers placed randomly and then having to click on them is time consuming and effortful.
There are several issues that stem from this. Your PIN, or Personal Identification Number, apparently can contain letters. This is evident from the letter keys in the virtual keyboard (which, of course, makes the visual search and clicking even more difficult than before). If the website is designed for security, the PIN should be renamed PASSWORD, which people understand contains more than just a series of numbers. PIN implies 4 digits, sometimes more. So even if the virtual keyboard is designed to secure your PIN, most people will still choose a string of numbers, and that is not secure.
Secondly, the virtual keyboard that requires you to click on the buttons is designed to guard against keyloggers, which are programs designed to capture your keystrokes and send them somewhere so that your passwords, credit card numbers, etc. can be stolen. However, if the site is so concerned about keyloggers, why is the virtual keyboard ONLY active for the PIN? You do not even have the option of using the virtual keyboard for your LoginID – you must use the regular keyboard and open yourself to the possibility of keylogging software on your computer.
Even worse is the fact that your LoginID starts off as your social security number – the whole nine-digit number that citizens are supposed to keep incredibly private. You can change it to a regular username, but nothing more than eight letters. So this highly secure website either opens up your social security number to keyloggers or restricts you to an eight-character LoginID.
So here is my big issue with this. Security measures are oftentimes a human factors nightmare (for example, those scrambled letter CAPTCHAs you have to decipher before signing up for a website). However, they must be fully implemented for maximum security – no compromises. And this site is nothing but compromises. A virtual keyboard that only works for the PIN and not the username, a password that encourages using a short string of only numbers, and a LoginID that is either one of your most important personal identifiers or else a too-short character string that must be typed on the keyboard.

This site fails at Human Factors because it tries to be convenient while still being secure, and in the end, it fails at both. This is not to say security and usability are mutually exclusive, but the designers of the myPay site managed to make them look that way.
Ubuntu Installation Instructions: The Power of Open Source
I received some feedback on the last post where I discussed the Ubuntu installation rules. A very nice person noticed an error in Step 7 and told me what to change. Additionally, that user also made the changes to the page itself, since it was a Wiki.
A wiki allows anyone to come in and make changes to the page, which means a site can access the talent of its user base. Therefore, I went ahead and made a couple of changes that hopefully made the Mac OS X installation instructions clearer. Wikis exemplify the power of open source, with a community of users contributing to make something better. Oftentimes it is programmers, but sometimes the improvements come from regular users. That desire to improve what gives us joy is a factor of psychology that open source exploits, and everyone is the better for it.
Check out the new installation instructions here.
Woah – user testing gone too far?
Posted by jasonwong in user testing on March 20th, 2009
Douglas Bowman, a designer at Google, is leaving the company. His blog post said that he “introduced Visual Design as a discipline to Google,” which sounds like an impressive feat. But why is he leaving?
Yes, it’s true that a team at Google couldn’t decide between two blues, so they’re testing 41 shades between each blue to see which one performs better. I had a recent debate over whether a border should be 3, 4 or 5 pixels wide, and was asked to prove my case. I can’t operate in an environment like that. I’ve grown tired of debating such minuscule design decisions. There are more exciting design problems in this world to tackle.
Woah. Sometimes, good design trumps usability, and that’s bad. Most human factors professionals would also emphasize the importance of user testing. But testing 41 shades of blue? Requiring data on whether a 5-pixel border is too wide? Yeah, it’s time to move on. Fascinating stuff, though.
Mint.com: Form over functionality gone wrong
Posted by jasonwong in bad design, clutter, data visualization on February 1st, 2009
Mint.com is a money management website. You enter in your logins and passwords for your banking, credit card, and loan websites, and Mint.com collects up-to-date financial information and presents it to you on one screen. This is much easier than logging in to many separate websites, and it is free, so it is better than paid applications like Quicken.
One design choice that bothers me, however, is how they don’t present the change. If you have $125.70 in one bank account, the website will show $126. This is an aesthetic choice (presumably designed to reduce clutter) that I think is annoying. We are all used to dealing with cents, so I don’t know why rounding off to the nearest dollar makes things less confusing.
Nonetheless, I opened up my Mint.com page today and saw this (a snippet from the whole page):

One of my credit cards had a small balance, but it was showing the cents this time: $8.00. I found it interesting that they would show the cents for a small balance. Even more interesting, though, when I opened up the Transactions page was this:
I actually had $7.98 on my card! Mint rounded that up to $8, but also showed the cents, making me think this was a fully accurate representation of my account balance. Instead, Mint got more specific by showing me cents but got those specifics wrong.
It is strange cases like this that make me desperately wish Mint.com displayed cents all the time. This way, everything is perfectly accurate without much cost to the user. Again, we are all used to dealing with cents. Including them will not increase clutter by all that much. We can handle it, Mint. I promise.
Infographics: FiveThirtyEight’s Senate Map
Posted by jasonwong in clutter, data visualization, mental map on January 1st, 2009
FiveThirtyEight.com is a political site that was incredibly useful during the 2008 US Elections for its incredible number crunching, statistical models, and data displays. Now, with the election over, the site is planning on introducing information about votes in the Senate.
The question that FiveThirtyEight is trying to tackle is how best to display the information. In my opinion, there are several important pieces of information for each data point (each Senator):
- How they voted
- What party they belong to
- Where they are from
FiveThirtyEight has four different versions they are testing, and they can be seen here. An example is posted below.

A couple of things jump to mind immediately.
First, the distorted map is interesting. Every state is given two squares instead of using an actual geographical map of the US. This keeps states that are near each other close, but it can be difficult to find one specific state because this map is not immediately familiar. I think it’s kind of odd.
Secondly, there are two Senators from every state, which is a difficult thing to show. The solution of giving each senator a square so each state is two squares is not bad, but it is not especially intrinsically informative.
Finally, it is interesting that some maps throw out “Nay” information. For example, in Version A, Nay votes are crossed out, but the state name virtually blends in with the background so you cannot identify the state from which someone voted Nay. Similarly, Version D removes a majority of color information from the Nay votes, turning the square primarily black and putting the state name in the party color.
The question that should be asked is simple: what information needs to be immediately understood? The answer may very well differ. In some cases, if the vote is across party lines, the Yays and Nays should quickly indicate party affiliation. If it’s a more regional issue, then the map should be geographically accurate and filled in using similar color blocks.
As long as all the information is present, it may be worth considering using different maps or coloring schemes depending on the point that needs to be gotten across. It seems like there is simply too much information to be conveyed for any important points to be instantly seen. Instead, these maps appear as a graphical jumble that will likely be difficult to interpret.