Good UX and Good Security - Is It Possible?


(Heather) #1

I read a blog post recently which, while specific to cybersecurity startups, really got me thinking about my own experiences.

So I’ve had 2 experiences that differ greatly!

  1. The company I worked with was SUPER focused on security. This is great if you’re dealing with very sensitive information, security is consideration number 1 on almost every feature. The result: a super secure product with a terrible UX.
  2. A different company I worked with had a UX designer. This was great from a UX perspective but this person really didn’t care about security. We had many debates about adding security features that they believed were not good for UX. I was always overruled.

So my question: in your experience, is there the possibility to have good UX AND good security at the same time in an application?


(Ady Stokes) #2

Hi @heather_reid, it sounds like the two companies had very different priorities and I also suspect that the former was quite inaccessible?

We work on a customer-facing website with two-factor secure login to access sensitive mortgage information. While not perfect, it is a good UX and our Veracode score is a pleasing 94. We are bringing on a UX designer to help improve the interactions as we increase features and there is an overall desire to improve the customer experience but no expectation of that decreasing our security.

I’ll post any appropriate updates.

I’ve also seen bank apps struggle with this very thing but some are quite good. I’m sure there will be other examples.


(Heather) #3

Hi @adystokes

Different priorities but both had to adhere to strict regulatory bodies (one financial and one pharmaceutical). The former didn’t score terribly in terms of accessibility but it definitely could have been better. The second project had a dev who was (and still is) an accessibility advocate, every bit of work proposed was checked by them for accessibility. Granted that wasn’t a magic wand as many things were pushed just to get out the door.

It’s rare to find a banking app that ticks either box here in Ireland :laughing: Not unheard of but certainly rare


(Rob Diamond) #4

Hi @heather_reid, it is possible but it’s got to be planned in from the start. Good user experience and security are not mutually exclusive.

From my experience you need the UX framework up front with the back-end security PKI, 2FA etc. in place as early as possible. Trying to do this on a mature product is hard and expensive and you would usually be better off starting from fresh.