It is a mistake to associate design only with appearance. Design is also about function, utility, discoverability, and simplicity. Security is a thread that should run through all of these considerations. Security is not a separate silo that stands alone beside other sandboxed categories. It must be interwoven throughout the entire design tapestry.
Unfortunately, when website designers do not follow best practices for security, end users find themselves troubleshooting issues such as slow-downs and unresponsiveness. Their private data may also be heavily compromised without their awareness of the situation. Thinking the problem is hardware related, they waste time and money on diagnostics. Finding nothing wrong, they throw more RAM and a faster hard drive at the problem. Eventually, they decide that their computer is just a piece of junk and purchase a new one that will soon suffer the same problems.
What they fail to realize is that their problems are caused by some form of malware: the biggest hindrance to your computer’s performance. The owner of that infected computer could have saved a lot of time, money, and frustration by downloading security software. Check out these free tips to clean up your computer and then read on to learn how to remove and avoid malware.
Here are some ideas that may help in future projects:
Do not trade security for convenience
Being user-friendly and convenient is a laudable goal for developers. Many websites, such as those that focus on shopping, can be intimidating to many users. When the screen is filled with logos, images, and links without much by way of guidance for the user, the potential customer is likely to throw up their hands in frustration and try something else. Oversimplifying the process, however, can lead to poor security. A delicate balance must be reached between convenience and security. While you never want to force a user to enter a 25-digit password every time she enters the site, you also want to require some form of verification when accessing sensitive areas like the Shopping Cart.
Use less Java and Flash
Apple, the biggest seller of high-end computers priced at $1,000 and above, does not preinstall Java. Its computers also do not come with Adobe Flash enabled. That is because these products are the biggest security weaknesses in the system. Microsoft feels the same way about Java and Flash, warning that they are just as vulnerable as ever. Many security-conscious users leave these features turned off. If your site is heavily dependent on Java and Flash, you will either be locking out the more lucrative prospective customers, or you will be forcing less experienced users to give the bad guys access through these insecure vectors that the major operating system providers warn against.
Make your security messaging clear and consistent
Be sure that your users know your security policies so that they cannot be taken in by phishing attacks. One of the most common and easiest ways for hackers to gain valuable account information is to just ask for it under the guise of being the official site. This is usually done through an authentic-looking email. You need to make sure that your users know that you will never ask for sensitive information via email. Furthermore, you should never link to log-in pages from an email. This is how the phishers do it. It is better to have them enter your site the way they normally do, then sign in. Also, do not allow sensitive data to be accessed through marketing material. Limit the number of ways a bad guy can trick your customer.
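One way to enforce the email rules above before a message is sent, shown as an added example that is not part of the original article: a small check that rejects outgoing HTML email containing links to log-in pages, forms, or fields asking for sensitive data. The path and field hints, the function name `lint_email`, and the `shop.example` domain are assumptions made for this illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed policy values for this example; adjust them to your own site.
LOGIN_PATH_HINTS = ("login", "log-in", "signin", "sign-in")
SENSITIVE_FIELD_HINTS = ("password", "passwd", "card", "cvv", "ssn")


class EmailPolicyLinter(HTMLParser):
    """Collects policy violations from one outgoing HTML email body."""

    def __init__(self):
        super().__init__()
        self.violations = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "a" and "href" in a:
            # Look at path and query only, so the site's own host name is ignored.
            parts = urlsplit(a["href"])
            target = (parts.path + "?" + parts.query).lower()
            if any(h in target for h in LOGIN_PATH_HINTS):
                self.violations.append(("login-link", a["href"]))
        elif tag == "form":
            # Email should never collect data directly.
            self.violations.append(("form-in-email", a.get("action", "")))
        elif tag == "input":
            desc = (a.get("name", "") + " " + a.get("type", "")).lower()
            if any(h in desc for h in SENSITIVE_FIELD_HINTS):
                self.violations.append(("sensitive-input", a.get("name", "")))


def lint_email(html):
    """Return a list of (rule, detail) tuples; an empty list means the body passes."""
    linter = EmailPolicyLinter()
    linter.feed(html)
    linter.close()
    return linter.violations


# Constructed sample templates (shop.example is a placeholder domain).
GOOD = ('<p>Your order shipped. Visit <a href="https://shop.example/">our home page</a> '
        'and sign in as usual.</p>')
BAD = ('<p>Verify your account: '
       '<a href="https://shop.example/account/Login?next=/cart">click here</a></p>'
       '<form action="https://shop.example/verify"><input type="password" name="pw"></form>')

if __name__ == "__main__":
    for label, body in (("good", GOOD), ("bad", BAD)):
        print(label, lint_email(body))
```

Run as a gate in the mail-sending pipeline, a check like this keeps marketing and transactional templates consistent with what users have been told to expect.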
Just remember, it is a lot easier and less expensive to implement good security procedures at the beginning of the design process than to tack them on after the fact.