Security and Usability of an Interface Design System
Security and usability are often viewed as having a directly proportional relationship because, more often than not, improving one may lead to enhancement of the other. For this reason, most system design processes follow an iterative approach, integrating aspects of security and usability at each stage of the design process. Based on the case study and a series of literature reviews, this paper performs an analysis of the register system and identifies design issues associated with it. The paper then looks at ways to improve the system and at the relationship between security and usability.
New System and Design Issues
The new touch screen register is introduced as a business need resulting from the growing number of customers. This new system will enable the cashier to process transactions rapidly through an automated system using a user-friendly touch screen interface. The immediate benefit of the new system is that the cashiers will be able to work faster, and customers will no longer have to queue up in front of the register.
However, in order for the system to function well and meet users' needs, the new system is designed with strict security measures, such as assigning each cashier a unique username ID and password to control access to the register. In addition to authentication control, the register also locks automatically after 3 minutes of not being in use and requires the same cashier to unlock it. In situations where the cashier using the register has difficulty logging in, or where the cashier is absent and did not log out the previous day, the manager needs about 3 to 5 minutes to restart the register and log out the previous user before the new user can operate the register. Even though the new system has good authentication control measures, there are some design issues with the system.
Design Issues with the System
The system is designed so that it logs out after three minutes of inactivity, and only the previous user or the manager can unlock it. The time spent logging back into the system therefore means valuable time lost in processing customer orders and fewer sales.
Another design issue with the system is that it allows an incorrect password to be entered 4 times and then automatically logs out the user without any error message.
Also, the keyboard layout of the register makes it easy for the cashiers to key in an incorrect password.
The touch screen allows grease to accumulate on the screen, making it less responsive.
Describe How You Would Correct the Design Issues with the System to Make the Restaurant Managers Happy.
As an interface designer, the first correction in the new system will be to resolve the 3-minute automatic logout of the system when inactive. A corrective measure will be to increase the 3-minute automatic logout to 8 minutes. Increasing the automatic logout to 8 minutes will go a long way toward reducing automatic logouts during non-peak business hours. The advantage of increasing the automatic logout to 8 minutes is that the cashier will have more time to attend to customers, as less time will be spent logging into the register.
Another loophole in the new system is that when a cashier leaves for a break or ends a shift without logging out of the register, the manager has to reboot the system. Restarting the system creates a downtime of 3 to 5 minutes before the next cashier can log in. A redesign of the new system would allow another cashier to log out the previous user and log in with different credentials, without the manager restarting the system each time a cashier leaves.
Another issue with the system, one that causes the cashier to enter an erroneous code, is the button layout. The system could be redesigned so that a user can log in with an electronic authentication card; this makes the cashier login process faster and resolves the button layout issue that causes the cashier to key in the wrong code.
Finally, the last design issue of the system, which results from the build-up of grease on the touch screen, could be resolved by coating the screen with a surface that does not allow grease to accumulate. Although the new system presents some usability issues as identified above, creating a design plan that incorporates security and usability will help in addressing the current problems.
Design Plan for the Improved Interface
The new touch screen system incorporates good access control measures such as authentication and authorization, but falls short of integrating security with usability. The design issues identified above could have been avoided by using an iterative design approach known as Human Computer Interaction and Security (HCI-SEC), which allows the simultaneous design of the user interface and security measures during the design and implementation of the new system (Balfanz et al. 2004). In other research, Flechais (2005) pointed out that improving the user interface and security systems is the focal point of HCISec, and went further to recognize the importance of the user interface in making a secure system usable. The following tasks are needed to improve the new system to incorporate security and usability.
1). Gather employee feedback through questionnaires, and collect data from the register on the amount of time the system is logged in and out. Collecting data from the system could take a period of 20 days, during which data is recorded for peak and non-peak hours of the day.
2). After interpreting the employee feedback and the data collected from the system, the next task will be to designate a staff member with access control to all the registers. This helps to reduce the administrative bottleneck, as employees will no longer have to wait for the manager to unlock the register since the designated staff member will always be on the spot. This task could last for 16 days because the staff member with access control to all the registers needs to document the changes needed for testing and improving the new system.
3). Perform research, specifically market research, on the consumption of resources during register log in and log out. For this task, 10 days can be allocated for research and 12 days to develop, test and document any significant changes. After completing this task, the next task is to compare different button layouts.
4). Perform an analysis of the button layout and compare it with alternative screens. This task will enable the redesign team to determine the button layout of the interface that best minimizes entry errors. This phase can last for 9 days, and 12 days will be used to develop, test and record any changes in the system.
5). Another task will be to add a menu bar to the interface with an option to reset the system when the cashier leaves without logging out or forgets the access card and the manager is not around. This includes modification to code and hence will take around 24 days to develop, test and document the change. The next section of the paper addresses aspects of security and usability and explains the challenges of incorporating them.
How the New System Balances Security and Usability, and the Challenges Encountered in Incorporating Them into the Design
The fields of security and usability engineering have gained wide recognition over the past decades, with the first research on HCI dating as far back as 1975 and focusing on improving the usability of software through a systematic approach to design. This is further supported by research conducted in 2004 showing that most of the design effort for any system focuses on the usability of a system's security (Balfanz et al. 2004). The new fast food chain system is consistent with this research, in that most of the design focuses on security and leaves out certain aspects of usability. This implies that security systems are not well designed, and users of the system tend to look for alternative ways to use the system (Anderson, 1993).
The new system incorporates access control through user ID and password-based authentication. This is to ensure that only an authorized cashier can access the register, so as to prevent another cashier from performing an uncontrolled transaction with someone else's credentials. Using user authentication in the system encourages usability, as cashier accountability can be traced, even though the challenge is that users have to memorize their user ID and password. As the number of systems increases, this results in a memorability problem, and the user has no option other than to reset the password (Brostoff and Sasse, 2003). Another aspect of the system that incorporates security and usability is the automatic logout of the register after 3 minutes. This security measure is effective, since it prevents unauthorized users from accessing the register to perform a false transaction, but there is a tradeoff for usability because the cashier needs to log in again every time an active session times out after 3 minutes.
Changes to Improve Security and Usability of the System.
The first change that will improve the security and usability of the system is increasing the automatic logout of the register to 8 minutes when inactive. Increasing the automatic logout of the register to 8 minutes will not in any way affect security but would enhance usability enormously.
Another improvement to the system would be to let a new user log out the previous user and log on with different credentials, without the manager necessarily coming to reboot the system. This measure is effective, as there is no tradeoff between security and usability of the system. Since the register will already be logged out after 8 minutes, the security of the system is not hampered, and the fact that the user can easily log in without having to wait for the manager to restart the register means usability is improved, unlike in the previous system.
Lastly, replacing password authentication with electronic card authentication does not adversely affect security or usability in any way. Instead, the security of the system is reinforced, since electronic card authentication is more advanced than password authentication. On the other hand, the introduction of electronic card authentication improves the usability of the system, as cashiers will no longer have to memorize passwords, thus eliminating erroneous entry of codes and passwords and making the system more user-friendly.
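The session rules proposed in this section can be written down as a small model. The following is an added example, not part of the original paper or of any real register software: `Register` and `pw_hash` are hypothetical names, the sample accounts are constructed, and it assumes a different cashier may take over only once the 8-minute idle lock has triggered.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

IDLE_LOCK_SECONDS = 8 * 60  # proposed limit; the current register locks after 3 * 60
MAX_ATTEMPTS = 4            # incorrect entries allowed, as on the current register
LOCKED_OUT = "Too many incorrect entries. Ask the designated staff member to reset."

def pw_hash(password, salt=b"demo-salt"):
    # Fixed salt keeps the demo short; use a random per-user salt in practice.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class Register:
    credentials: dict                  # cashier id -> pw_hash(password)
    user: str = ""                     # cashier holding the session, "" if none
    last_activity: float = 0.0
    failures: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)

    def idle_locked(self, now):
        return bool(self.user) and now - self.last_activity >= IDLE_LOCK_SECONDS

    def transaction(self, now):
        """Accept a sale only inside an unlocked session."""
        if not self.user or self.idle_locked(now):
            return False
        self.last_activity = now
        return True

    def login(self, cashier, password, now):
        """Return (ok, message); every refusal tells the cashier why."""
        if self.failures.get(cashier, 0) >= MAX_ATTEMPTS:
            return False, LOCKED_OUT
        if self.user and self.user != cashier and not self.idle_locked(now):
            return False, f"Register is in use by {self.user}."
        stored = self.credentials.get(cashier, b"")
        if not hmac.compare_digest(stored, pw_hash(password)):
            n = self.failures[cashier] = self.failures.get(cashier, 0) + 1
            self.audit.append((now, cashier, "failed login"))
            left = MAX_ATTEMPTS - n
            return False, (f"Incorrect password, {left} attempt(s) left." if left else LOCKED_OUT)
        if self.user and self.user != cashier:
            # Previous cashier left without logging out: close that session, no reboot.
            self.audit.append((now, self.user, f"signed out by {cashier}"))
        self.failures[cashier] = 0
        self.user, self.last_activity = cashier, now
        self.audit.append((now, cashier, "login"))
        return True, f"Welcome, {cashier}."
```

The audit list keeps the forced sign-out attributable to the cashier who performed it, which preserves the accountability that per-cashier authentication was introduced for.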
Security and usability are important aspects to be considered from the onset of the design of a system. This explains the recent growth in research on security and usability engineering and HCISec. This paper examines the register system of a fast food chain and the design issues associated with the system. The paper further proposes recommendations on how to improve the new system and a design plan for it, and wraps up with strategies used in balancing the security and usability of a system and a graphical representation of the proposed interface in the appendix.
D. Balfanz, G. Durfee, D. Smetters, and R. Grinter, “In search of usable security: five lessons from the field,” IEEE Security & Privacy, vol. 2, no. 5, pp. 19–24, 2004.
I. Flechais, “Designing secure and usable system,” Ph.D. dissertation, University of London, 2005.
R. Anderson, “Why cryptosystems fail,” CCS ’93: Proceedings of the 1st ACM conference on Computer and communications security, pp. 215–227, 1993.
S. Brostoff and M. A. Sasse, “‘Ten strikes and you’re out’: Increasing the number of login attempts can improve password usability,” in Proceedings of CHI 2003 Workshop on HCI and Security Systems. John Wiley, 2003.
Graphical representation of proposed interface