
Human Factors International Wants to Give You a Kindle Touch!

It’s that time of year again! World Usability Day is coming up in a few weeks (November 10, 2011), and to celebrate, many different groups around the world are preparing various events, contests, and information sessions.

What is World Usability Day you ask?

According to the organization http://www.worldusabilityday.org/:

World Usability Day was founded in 2005 as an initiative of the Usability Professionals’ Association to ensure that services and products important to human life are easier to access and simpler to use. Each year, on the second Thursday of November, over 200 events are organized in over 43 countries around the world to raise awareness for the general public, and train professionals in the tools and issues central to good usability research, development and practice.

Check out the site for more information on what it’s all about, as well as what’s going on and how to get involved. One of the more compelling contests includes a chance to win a Kindle Touch from Human Factors International. All you have to do is tell them about your worst usability experience and how it could have been avoided: http://www.worldusabilityday.org/human-factors-international-world-usability-day-contest

Are you planning a local World Usability Day event? Let us know!

 

The Design of Personal Security Questions

Personal security questions on websites have been de rigueur for quite a while now.

You know what I’m talking about. You answer some personal questions (à la “What was the name of your best friend’s aunt’s dog in kindergarten?”) on sign-up. Later on, if you forget your password to that website, you can reset your password by answering those questions.

Let’s stop and think about that for a second. Answers to a few personal questions are a direct path to your password on certain sites. (Is anyone else getting chills yet?)

Like passwords, personal security questions are an area where security and usability collide head-on. Attempts to make something more secure can often result in making it less usable. Unfortunately, all too often, sites fail on both counts, compromising both usability and security.

Let’s review some of the most common problems with personal security questions, and how to improve your use of them.

Usability Problems

  • Questions are not specific enough.
    • Example: “What is your pet’s name?”
    • How it can fail: Which pet? What if you have three cats, a boa constrictor, and five chickens in the yard?
    • Improvements: Ensure the question is as specific as possible, with only a single possible answer. This is still far from ideal, but one option here would be asking “What is your cat’s name?” or “What was the name of your first cat?”.
  • Answers to questions change over time.
    • Example: “What is your favourite colour?”
    • How it can fail: Favourites are pretty fluid things. It’s hard to remember what your favourite colour might have been when you signed up for that site. My favourite while I was at university was red, but now I’m quite partial to teal.
    • Improvements: Avoid questions about favourites entirely. If users have already answered questions about favourites, tell them the date when they answered the question.
  • Users don’t have an answer to the question.
    • Examples: “Where did you go on your honeymoon?” or “What was your kindergarten teacher’s last name?”
    • How it can fail: Not all questions will be suitable for all users. Many people aren’t married or didn’t honeymoon; others cannot remember their teacher’s name from when they were 5.
    • Improvements: Never force a user to answer a specific question; always give a wide variety of options, and think carefully about how many will be applicable to different sets of people (young people, middle-aged people, older people, single people, married people, people from other cultures, etc.).
  • Users provide answers that aren’t easily repeatable.
    • Examples: “What street did you live on when you were 10?” and “What high school did you attend?”
    • How it can fail: Although these are nice and specific, users may write an answer in one format when registering, and provide it in another format when challenged at a later date. Did I write “Main St.”, “Main Street” or “Main St”? Did I write “Stoneybrook High”, “Stoneybrook” or “Stoneybrook High School”?
    • Improvements: Try to avoid questions for which you can foresee repeatability issues, and, if you do use them, remind users to pay attention to format.

Security Problems

  • Answers to questions are easily guessed.
    • Examples: “What is your eye colour?” and “How many children do you have?”
    • How it can fail: Hackers know the most common answers to questions and will try those first. It doesn’t take much to guess “blue”, “brown”, “hazel” and “green”.
    • Improvements: Avoid questions where the answer is likely to be highly guessable.
  • Answers to questions are easily found online or in other public sources of data.
    • Examples: “What’s your birthday?” and “What high school did you go to?”
    • How it can fail: In the age of blogs, Twitter, and Facebook, a ton of information about you is available online. Beyond the most obvious data like your birth date (which most people would expect to be easy to dig up), it is easy to divulge something you think is private information but is actually easily accessible. This could be because you shared it online and forgot, or because someone else shared it online and you didn’t find out.
    • Improvements: Avoid these kinds of questions.

Improving Your Use of Personal Security Questions

  • Decide whether personal security questions are truly useful for your site. Would emailing a password reset link to an email address be sufficient for your needs? If you feel you must use security questions, try to avoid making them the sole gateway between a user and a password: instead combine them with some other security measure.
  • Always tell users the date they provided answers to their security questions.
    • Yahoo does this well: [image: yahoo_pvq_date_example]
    • For instance, I planned to have my honeymoon in one city, but it got changed to a different city at the last minute. Knowing I answered the question in November instead of October makes all the difference in helping me answer the question correctly.
  • Consider implementing a CAPTCHA to prevent hackers from writing scripts to automatically guess answers.
  • Consider letting users fill in the blanks to make stronger questions. Mike Just describes this in his paper, Designing and Evaluating Challenge-Question Systems. Provide a question such as, “What is _______’s favourite food?” and let the user fill in a person of their choice.
  • Consider using an alternative challenge and response approach. In his paper, Personal knowledge question for fallback authentication, Ariel Rabkin describes using images, e.g. having users upload a picture and asking “What is the first name of the person in this picture?”. Other possibilities also exist.
  • If letting users write their own questions, give adequate guidance. Remind them:
    • To choose something very memorable (something they’ll still remember the answer to in 3 years).
    • To choose something that is fixed over time (favourites come and go, as do pets).
    • To choose something that is not easily guessable, particularly numerical answers. For instance, there is a fairly fixed set of answers to the question “How many children were in your family?”.
    • To choose something that is not published online or in public records.
    • To try to choose something only they know the answer to. (This is extremely difficult. In lieu of this, encourage them to choose different types of questions, such that no one person knows or can find answers to all of the questions. Remind them that the person trying to get into their account could very well be someone they know.)
    • Why it is important to choose questions with secure answers (i.e. what the consequences are if someone manages to answer the questions correctly).
    • To not panic. Presenting all of this info and instructions can be overwhelming and scary. Too much detail about security issues might be pretty discouraging. (And here’s the heart of the interaction designer’s challenge in this area – inform, but only enough.)
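
The server side of several points above, as an added example that is not code from this post or from any site it mentions: answers are canonicalized so “Main St.” and “Main Street” match, the guessable answers named earlier are refused at sign-up, only a salted hash is stored, the prompt shows the date the answer was given, and scripted guessing is stopped by an attempt cap (used here in place of the CAPTCHA suggested above). All function names, the abbreviation map, the attempt limit and the work factor are assumptions.

```python
import hashlib
import hmac
import os
import re
import unicodedata
from datetime import date

# Guessable answers quoted in the post; a real deployment would use a longer list.
COMMON_ANSWERS = {"blue", "brown", "hazel", "green"}
# Constructed abbreviation map so "Main St." and "Main Street" compare equal.
ABBREVIATIONS = {"st": "street", "ave": "avenue", "rd": "road", "dr": "drive"}
MAX_ATTEMPTS = 5          # assumed limit on consecutive wrong answers
PBKDF2_ROUNDS = 100_000   # assumed work factor


def canonicalize(answer: str) -> str:
    """Fold case, punctuation, spacing and known abbreviations."""
    text = unicodedata.normalize("NFKC", answer).casefold()
    text = re.sub(r"[^\w\s]", " ", text)
    return " ".join(ABBREVIATIONS.get(word, word) for word in text.split())


def _digest(canonical: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", canonical.encode("utf-8"), salt, PBKDF2_ROUNDS)


def enroll(question: str, answer: str, today: date) -> dict:
    """Reject weak answers, then store only a salted hash plus the date."""
    canonical = canonicalize(answer)
    if len(canonical) < 3 or canonical in COMMON_ANSWERS:
        raise ValueError("answer is too short or too easily guessed")
    salt = os.urandom(16)
    return {"question": question, "salt": salt, "digest": _digest(canonical, salt),
            "answered_on": today, "failures": 0}


def challenge(record: dict) -> str:
    """Prompt text that reminds the user when they answered."""
    return f'{record["question"]} (answered on {record["answered_on"].isoformat()})'


def verify(record: dict, attempt: str) -> str:
    """Return "ok", "wrong" or "locked"; locked means use another recovery path."""
    if record["failures"] >= MAX_ATTEMPTS:
        return "locked"
    candidate = _digest(canonicalize(attempt), record["salt"])
    if hmac.compare_digest(candidate, record["digest"]):
        record["failures"] = 0
        return "ok"
    record["failures"] += 1
    return "wrong"
```

Canonicalization only helps with format drift; it does nothing for an answer that is public or that has changed, which is why the question choice above still matters.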

Sources and Additional Resources

If you’re responsible for the design of a personal security question system, I strongly encourage you to read (1) and (2) below – between them, Ariel’s and Mike’s papers cover everything I’ve talked about and more. (3) and (4) are more general-interest articles.

  1. Personal knowledge question for fallback authentication: Security questions in the era of Facebook (PDF) by Ariel Rabkin (SOUPS, July 2008).
  2. Designing and Evaluating Challenge-Question Systems (PDF) by Mike Just (IEEE Security & Privacy, 2004).
  3. Those Crazy Internet Security Questions by Kate Pickert (Time Magazine, September 24, 2008).
  4. ‘Forgot your password?’ may be weakest link by Bob Sullivan (MSNBC, August 26, 2008).

As always, I’d love to hear your thoughts on this topic.

Smitten by the possibilities of the iPad

We’ve never really been all-out gadget geeks here at UM but here I am smitten by the possibilities of the iPad. All predictions suggest this will be the year of the slate computer with a number of devices already announced and no doubt more in the works.

The iPad is of course the one getting most of the attention but the HP slate and a few others demo’d at CES also have lots of people talking. Great side-by-side feature comparison tables can be found elsewhere and lots of people have written about why the iPad isn’t for them. Notably absent from the iPad are:

  • no webcam (i.e. no video chat)
  • no multitasking (i.e. you can’t create a document and browse for reference material at the same time)
  • no USB
  • and of course, no Flash

The significance of these concerns ranges from minor to show-stopping depending on who you speak with. Personally, I was quite relieved to learn that the iPad wouldn’t include a camera. I very recently purchased a cute little netbook for my wife to Skype, surf and email with while out of town. Without a camera, the iPad as announced wouldn’t invalidate that purchase.

So why then am I still drawn to the iPad? What Apple is attempting is to create a whole new category of device – the living room computer. Most of us haven’t realized we need a living room computer and it remains to be seen whether we ever will, but given the frequency with which I tote my Macbook around the house I can see the possibilities. This is different from the many unsuccessful attempts that Microsoft has made over the years to replace the laptop or desktop with a fully featured tablet. The iPad isn’t a replacement, it’s different.

The big difference between the iPad and the HP slate is Windows 7 – an operating system which supports multi-touch but isn’t itself designed as a touch interface. All the interactions are still designed around mouse and keyboard; touch is simply a replacement for the mouse. The interaction metaphors remain the same, and the menus, toolbars, checkboxes, radio buttons, dropdown lists etc. are all the same. The iPhone OS, by contrast, was designed from the outset to be a touch interface, optimized for direct manipulation by hands, not mice or other surrogate pointing devices.

To take advantage of Windows 7’s multi-touch capabilities, some companies are using Silverlight, Adobe Air or Flash to create an immersive experience. Last week at TED, Wired demonstrated its fabulous-looking Wired Reader built with Adobe Air. Unfortunately, on Windows 7 devices, the immersive experience ends when the program is exited. Outside of these individual programs, you still have to interact with the Windows UI using touch.

Several promised devices will run Google’s Android operating system, which like the iPhone OS has been touch-based from the outset. I have no experience with Android yet but there isn’t really one Android; instead, each company seems to have its own proprietary customization. Fully recognizing my prejudices here, I fear that the Android slates may, like many Google products, be strong on technology but weak on pleasurable human interaction. I imagine a slate to be a recreational device, not a professional one, so my bias leans toward Apple.

The caveat here is that none of these slates actually exist yet, at least not in public. This is all speculation until, or if, they make it to market. Nevertheless, while this first generation iPad has considerable shortcomings, I am very curious to get my hands on one.

Are you a freelance IA/UX specialist?

We are currently bolstering our roster of freelance Information Architects and User Experience specialists. If you are a freelance IA, UX Designer or Usability Specialist and would like to work on engaging projects with a dynamic and experienced team, we’d like to hear from you!

We are interested in speaking to individuals with experience in one or more of the following:

  • Requirements gathering and strategic planning
  • Competitive reviews
  • Information architecture
  • Wireframing
  • Heuristic evaluation
  • Usability testing and other methods of user consultation

Interested? Please send us the following:

1. Resume
2. Hourly rate
3. Sample deliverables/reports or portfolio

At this time, we are interested in speaking with individuals eligible to work in Canada only.

All inquiries should be directed to our Office Manager, Julie Bot (recruiting@usabilitymatters.com).



Accessibility for Dummies?

Is there an ‘Accessibility for Dummies’ document you could share with me?

As usability experts, we are occasionally asked about accessibility. Sometimes, we’re asked to help define and identify what accessibility means, and how it relates to a particular web site. This is tricky, because the degree and the kinds of accessibility that are appropriate for one site’s audience might be overkill or useless for another, so, as always in our world, it depends.

Accessibility is a very broad term, and it has very fuzzy edges. In the most general sense, it means making everything — businesses, services, buildings, governments, transportation, etc. — usable by people with disabilities. In the web context, it means making websites usable by disabled people.

The web has become a vital resource for some people with disabilities because it helps avoid many of the barriers of the physical world. So many things that able-bodied people take for granted (banking, shopping, and accessing government services, to name just a few) can now be accomplished by people with disabilities without the assistance of another person. This kind of independence represents a huge improvement in quality of life for many people. This is why accessibility for websites is an important consideration.

But what can we, as web designers and developers, actually do for these users?

The main thing is to recognize that people with disabilities often use some form of assistive technology to help them use the web. A common example is the screen readers that people with visual impairments might use to read web pages aloud, but there are plenty of other examples. Making a website work for a screen reader or other assistive technologies is largely a matter of understanding how those technologies work, and designing and developing sites to work well with them.

If you’re planning to make your website accessible, there is an evolving set of tools, coding techniques, and best practices to follow. A good place to start is with the W3C’s Web Accessibility Initiative. They’ve produced guidelines as a reference point for measuring accessibility under four principles: web content should be perceivable, operable, understandable and robust. For instance, providing text alternatives for images is one way of making content more perceivable.

To learn more about each principle, start with the Web Accessibility QuickTips provided by the W3C. To dig deeper, try the How to Meet WCAG 2.0 quick reference guide.

Other great accessibility resources include the following:

Got any accessibility experiences you would like to share? We’d love to hear about them.

Apple’s Checkout: Credit Card Flaws

Every week I collect a bunch of recommended reads in my browser tabs, hoping for a few spare minutes to skim through them. This week, one such article was Luke Wroblewski‘s blog entry, The Apple Store’s Checkout Form Redesign.

I really enjoy how straightforward Luke is with his analysis in this article (and everything he writes, his book being no exception). He includes fantastic examples from Apple’s previous checkout form and its new checkout form. However, having just purchased a MacBook online, I have to disagree with his positive assessment of Apple’s new credit card form.

The form is as follows (note I’m using the Canadian form here so it’s missing the Discover card):

apple_credit_card

As Luke explains, Apple no longer asks users to identify their card type (Visa, MasterCard or AmEx) up front. Because we can infer a person’s card type based on their credit card number, all we really need is that number.

This is absolutely true. We have been asking people to enter unnecessary information for years. However, the problem is exactly that: people are used to entering this information.  So when we get to Apple’s form, we eagerly look for a place to identify our credit card.

My brain while using the form: “Lo! Look at those shiny images showing card types! I will click on Mastercard, for that is my card type.”

A re-enactment, in pictures:

apple_mastercard_click

And then:

apple_mastercard_click_click_click

Then, the loud sigh. I gave up and started typing my credit card number in. And then the form did this:

apple_credit_card_mastercard_selected

All other cards are greyed out, and my card type was magically highlighted.

I am sure that Apple included the card type images as a way of telling users what cards they accept, but the images seem clickable because they are a) images and b) in a place where the user would normally expect to interact.

If I were to redesign this form, I would let users interact with the images if they want to. Let them select MasterCard up front if it makes them happy, but switch to Visa in the end if that’s the type of card number they enter. Users who choose to identify their card up front will be happy, and users who don’t identify their card up front won’t know what they missed.
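
A sketch of the validation behind that redesign, as an added example that is not Apple’s code or Luke’s: the brand is inferred from the leading digits of the number, checked for length and Luhn checksum, and allowed to override whatever the user clicked. The function names are hypothetical, only the three brands on the form above are covered, and the numbers in the comments are widely published test values rather than real accounts.

```python
import re

# Accepted lengths for the three brands shown on the form in the post.
EXPECTED_LENGTHS = {"visa": (13, 16, 19), "mastercard": (16,), "amex": (15,)}


def detect_brand(digits: str):
    """Infer the brand from the issuer prefix, or None if it is not recognised."""
    if digits.startswith("4"):
        return "visa"
    if digits[:2] in ("34", "37"):
        return "amex"
    if len(digits) >= 2 and 51 <= int(digits[:2]) <= 55:
        return "mastercard"
    if len(digits) >= 4 and 2221 <= int(digits[:4]) <= 2720:
        return "mastercard"
    return None


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right."""
    total = 0
    for index, char in enumerate(reversed(digits)):
        value = int(char)
        if index % 2 == 1:
            value *= 2
            if value > 9:
                value -= 9
        total += value
    return total % 10 == 0


def resolve_card(selected, raw_number: str) -> dict:
    """Combine the user's optional up-front selection with the typed number.

    The typed number wins whenever a brand can be inferred from it, so a
    user who clicked MasterCard and then typed a Visa number ends up on Visa.
    """
    digits = re.sub(r"[ -]", "", raw_number)
    if not re.fullmatch(r"[0-9]+", digits):
        return {"brand": selected, "valid": False, "overrode_selection": False}
    detected = detect_brand(digits)
    valid = (detected is not None
             and len(digits) in EXPECTED_LENGTHS[detected]
             and luhn_ok(digits))
    return {
        "brand": detected or selected,
        "valid": valid,
        "overrode_selection": detected is not None and selected not in (None, detected),
    }

# Test values: 4111 1111 1111 1111 (Visa), 5555-5555-5555-4444 (MasterCard).
```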

Anyone else have an opinion on this?

(Thanks to LukeW for the inspiration to write about this issue.)

Gifts for User Experience Geeks

At Usability Matters, we’re all loving Nick Finck‘s awesome list of Gifts for User Experience Geeks.

To the outsider (e.g. Mom, Grandma, Cousin Bob) it’s easy to pass off our profession as “cool”. But those of us in the industry know it’s all about geeking out.

Our favourites from his list include:

  • Mental Notes ($33)
    Stephen P. Anderson gave out samples of his brainstorming cards at IDEA 2009, and we can’t wait to get our hands on the full deck!
  • Helvetica DVD and/or Posters ($20)
    Sure, Objectified was fun, but Helvetica rocked our socks.
  • Expo Low Odour Dry Erase Markers ($5.39)
    There is nothing less conducive to brainstorming than stinky markers. It’s tough to decide whether the purposefully scented ones (chocolate mint, strawberry) are better or worse than the regular chemical ones! Low odour all the way.
  • Factory Floor Issue Longhand Set ($20)
    We love the old-school industrial, honest, basic feeling of this set. It makes us want to grab a mug of joe and get busy drawing!
  • Dot Grid Book ($14)
    Who wants blue lines muddling up their designs? Dots would give an underlying order and pattern without boxing us in too much.
  • Bluelounge CableDrop Cable Holder ($9.95)
    An elegant solution to our never-ending cable woes!

We’d also like to propose a couple additions to the list:

  • Konigi Wireframe Magnets (FREE!)
    One of these days we’ll get around to making up a lovely set of these magnets. For now we’ll just sit back and admire the creativity of those folks over at Konigi.
  • Pouch Tea Mug ($9.95)
    As a tea-loving group, we instinctively appreciated this innovative solution to the problem of where to put used teabags. Indeed, the design seems awesome on the surface, but we still have a nagging worry about wet laps. This one will need some user testing before it gets final approval.

RFP for Graphic Design!

Request for Proposals

Project: Usability Matters Deliverables Redesign

OVERVIEW:

At Usability Matters, we are experts at putting users at the centre of digital development and designs, helping our clients create online experiences that resonate, motivate, and engage their target audiences.  We want to do the same for our own audience, our clients, with our print-based deliverables.

We are looking for an individual or business that can help us apply elements of our brand to our print materials, including Proposals, Usability Evaluation Reports, PowerPoint presentations and Interface Specifications.  We do not anticipate an overhaul of our existing logo and other elements of our brand, but can imagine extending or enhancing certain elements in order to add a new level of sophistication to our deliverables and marketing materials.

SUBMISSION DETAILS:

Friday December 11th at 5:00 PM

Attention: Julie Bot, Office Manager

Email: julie@usabilitymatters.com

Please provide the following information:

  1. A statement about who you are and what you do.
  2. Examples of your work.
  3. Your approach to this project.
  4. Pricing – your typical rate structure.

Usability Matters is looking to make our vendor selection before the end of this year in order to begin work in January 2010.