I was visiting at a senior living community lately, and saw a great low-tech security device.
Security personnel walk the halls overnight, flipping these little markers up against the doors of each apartment…
… and when the resident opens the door, the marker falls. Security staff walk through the halls during the morning and can check on anyone whose marker isn’t released.
Leave a Comment » | 
General, Hardware, Health care, Real-world usaiblity | Tagged: elders, low-tech, Security, senior citizens, senior living community | 
Permalink
Posted by Hal Shubin
Question: What was your favorite teacher’s youngest child’s first pet’s name?
Answer 1: StupidQuestion TeacherPet Booyah
Answer 2: Green polka dots
See why, below
As part of account creation, many sites require you to answer secret questions. This isn’t only for security. It provides a self-service way for you to reset your password, which is easier for the company, and maybe for you, too. (Remember when you used to call customer care for things like this?) But security questions can be hard to design and use.
A system must present users with enough questions so they can pick a couple to answer and remember. Here are some questions and categories that can cause problems:
Here are some real examples: the first is from Yahoo.com, the second from BarnesAndNoble.com. How many questions could you answer now and remember later? How many just leave you scratching your head? [Images aren't uploading. Working on it. Sorry...]
And there’s the question of whether security questions are useful at all. GoodSecurityQuestions.com points out that
The reality is, security questions present an opportunity for breach and even the best security questions are not good enough to screen out all attacks. There is a trade-off; self-service vs. security risks.
People who know you may know enough to answer your questions; people who don’t know you may be able to find out the answers (how many people on Facebook and LinkedIn know what schools you went to?).
I just came across an interesting example at the Minor League Baseball sites. When I indicated that I’d forgotten my password, I got this screen. Oddly, I had to pick which security question I’d answered and then answer it. As if I could remember that! [Added 25 Sep 2012]
At the Minor League Baseball site, you first have to remember
which question you answered and then remember the answer.
One of my most interesting ideas I came across is to answer a completely different question. You might use “green polka dots” when the question is “What street did you grow up on?” That’s harder for someone to guess, but harder for you to remember unless you use it everywhere (which isn’t secure).
Danah Boyd, writing on Apophenia, suggests combining a “snarky bad attitude phrase” with a clue from the actual question, plus a unique word. For example, she writes “when I’m asked the following question: What is your favorite sports team? My answer would be: StupidQuestion SportsTeam Booyah“.
Here are some tips for selecting questions for your application:
It may seem trivial to test security questions, but it does help. We got some good feedback in a recent project and changed the questions in our list. There’s nothing like showing your work to real users.
6 Comments | Customer care, General, Passwords, Security, Self service | Tagged: customer care, secret questions, Security questions, Self service, User experience | Permalink
Posted by Hal Shubin
Companies obviously want to cut down on calls to customer care centers to save money. One way is to allow (force?) users to do more things themselves. We’ve been recovering passwords ourselves for a long time, and many products include other self-service tasks. Even libraries allow patrons to check out their own books.
In a recent design project, I was afraid that customers would dislike the self-service tools we were adding. I thought they might have the same reaction that I have to self-checkout lanes in stores: “Hey, I already have a job. I don’t want to check out and bag my own stuff here!”
But that wasn’t the case. Our users liked the new self-service tools.
We talked with a lot of users in usability studies and customer visits. They mostly had gotten good results when they called for assistance, but it seemed easier to do things themselves.
Calling customer care may seem like more of an interruption, while doing something yourself may seem more like an extension of what you’re already doing. Making the call requires a lot of work:
The early results for this product are good. It seems that customers are doing more tasks themselves, and the company is getting fewer phone calls.
Have you noticed that you’re doing more things yourself on the Web? What do you think about it? Are companies forcing you to do their work, or is it a time saver?
2 Comments | Attitude, Customer care, Customer service, General, Positive comments, Real-world usaiblity, Self service | Tagged: customer care, Customer service, Self service, Web application | Permalink
Posted by Hal Shubin
The City of Boston recently announced the Boston Meter Card, a prepaid card to use at parking meters. It’s a great idea, but it was impossible for me to figure out because the card doesn’t work the way other cards work. You have to insert the card and keep it in the meter for 10 to 15 seconds.
This post describes the problem, proposes simple ways to fix the problem at this late date and has videos of how the meters work.
How do you think it works?
What would you do when you walked up to a meter with the card? I thought about which way to put the card in, inserted it, took it out, and… nothing.
I was there with someone else, and we couldn’t figure it out. Was the card broken? Was the meter broken? What else could I have done?
When you insert the card, you have to hold it in for 10 to 15 seconds and wait while the small display updates a number of times. But you knew that, right?
Problem #1: It doesn’t work like any other card I use. I couldn’t figure it out. Was it user error, or a system-design problem?
Watch video footage of checking in and out of a meter. It’s hard to read the display, but that’s part of the real-life situation.
Now that I know how it works, I understand the transitions in the display:
The first time I tried the card, it took the full 15 seconds to get a response. It didn’t display “In” that time, but it did display “1111″ for some reason.
How long do you have to wait and watch? And how many changes will there be? Not knowing makes it hard to know when it’s complete. Is it clear what each display means?? There was no explanation, and it was impossible to figure out the first time. A brochure came with the card, but didn’t mention any of this.
Problem #2: The displayed information isn’t always the same for the same operation.
Checking out of the space was even more confusing because there were more transitions in the display to figure out:
These were the transitions for checking out:
Problem #3: There’s no way for a first-time user to know how many display transitions there will be, so there’s no way to know how long to wait before removing the card. (I think you have to wait, but I didn’t test that.) And it’s not clear what it all means.
Even if you use an older ATM that holds on to your card, it reacts within a second or two. Most card-reading machines have instructions saying to “swipe” or “dip” the card; this was the only one that would use a word like “wait”. Here’s an example from a hotel I recently stayed at:
This hotel key card responded within a second. All I had to do was "dip" it in and remove it.
The first thing was to figure out how to insert it. This photo shows a graphic on the meter that corresponds to the chip on the back of the card. It’s hard to see and it’s not clear what it means.
The arrow points to a graphic that looks like the chip on the back of the card. Is that enough to tell you how to insert the card?
The sticker just below the slot would have been a good place to put some instructions. That would have been easier than trying to decipher that little mark under the slot.
Problem #4: The display is hard to read in bright light, and probably worse at night.
I inserted the card different ways, but it didn’t react (because I didn’t know to hold it in place). I spent a lot of time trying to make it work and a lot of time the next day on the phone finding out how it does work.
One person I talked with in the Parking Office said that it was “probably user error” because “that is the problem in 24 out of 25 cases.” I don’t generally believe in user error, so I took a deep breath and said that it’s more likely a system-design problem.
After awhile, I found someone who explained about having to hold the card in the meter for 10 to 15 seconds. I identified myself as a user experience designer, and we talked further.
More than user error, I think it was a failure to understand the users and their expectations.
He asked if I’d read the brochure that comes with the cards (PDF). This should be so simple that instructions aren’t needed. I don’t think people would read directions, save them or remember what they’d read. I mentioned that, and said that as a typical user, my copy was already in the recycle pile.
We talked about the instructions on the back of the card, too (ALL IN UPPER CASE) That text doesn’t say anything about holding the card in, it didn’t explain the transitions on the display and it didn’t explain when you’re done with a transaction. The brochure did mention holding the card in, but only for signing out.
The gold seal on the left must be the chip. The instructions at right ARE ALL UPPER CASE and don't mention holding the card in.
Problem #5: This system shouldn’t require documentation and what they provide is incomplete.
If the city doesn’t change something to make the system easier to figure out, I’m afraid that it will just fail.
It’s a system with many parts: the card, the display, the insertion method, the information on the meter and the brochure. Plus user expectations. Some parts are easier to change than others, but something has to change.
When I talked with someone in City Hall, I suggested reprinting the cards with complete instructions. He said that the cards came from the vendor. And that they had 10,000 of them. My card has a number in the 400s, so that won’t work.
Next, I suggested printing stickers with better instructions to cover the old text. Again, even if it were a lot of work, at least people would have the instructions with them.
It would help if the sticker on the meter had some instructions. I assume that changing the displays or how the meters work would be too involved, but we didn’t get to those topics.
We talked a little more and I wished him well.
Problem #6: The underlying problem is that the product design process probably didn’t involve any actual users or testing in real situations.
This is a system designed for anyone who parks a car at a meter, day or night, possibly in a hurry. How do you think someone like that reacts to this user experience the first time?
I don’t know who the vendor is, or who designed the system. And I don’t know how they’re going to resolve this problem. I’m pretty sure the program will not succeed without a big change.
I sent what I learned to Eric Moskowitz, the Boston Globe reporter who writes the Starts & Stops column about transportation issues. Maybe he can write a column and help teach people how it works.
It seems pretty clear to me that this whole system was designed the old-fashioned way. Rather than test the system with real users in real situations, they probably talked about it in a conference room and figured it would work out OK. If someone raised the obvious problems, I can imagine someone else saying, “Yeah, but all they have to do is…”
That phrase is the kiss of death for a design. I hope the City of Boston can make this project work because it’s a great idea.
11 Comments | Feedback, General, Hardware, Non-computer usability testing, Potential usability testing topic, Real-world usaiblity, User self-blame | Tagged: debit card, design process, Parking meter, Personas, user expectations | Permalink
Posted by Hal Shubin
Does the Transportation Security Administration (TSA) do any usability studies to see how passengers react to security screening at airports? I don’t mean whether people like the different types of scans, but the whole process, from approaching the TSA area to getting their shoes and belts back on.
I have two problems: There’s never enough time and space to prepare, and I don’t really know what the rules are.
I try to prepare: liquids in one bag, prescriptions in another bag, a bag ready to empty my pockets into, shoes ready for removal, etc. But I always wind up at the conveyor belts sooner than I expect to. People are standing behind me, waiting for a basket while I’m trying to remember all the things I’m supposed to do. About half the time I forget to remove the bags with liquids and medications, and it doesn’t seem to matter.
Apparently certain mistakes can cause you grief. I read a story in the New York Times about a businesswoman pulled aside by TSA agents because the sundress she was wearing was too long (and could hide something) and because she didn’t make eye contact with the agents (after taking the red-eye from San Francisco to New York).
And I recently learned that cargo shorts pretty much guarantee a pat-down. Too many flaps, pockets, snaps and zippers.
So if I arrive at the conveyor belts and don’t do everything smoothly enough, will I be pulled aside for additional questioning or screening? That’s another part of the problem — no one really knows what the rules are. It’s like entering a new password on a Web site that doesn’t tell you the rules for passwords until you violate them. (That’s another blog post.)
I did find a reference to TSA doing customer research on its Web site a couple of years ago, but nothing about this.
Have you heard about any research into the overall process? Ignoring pat-downs and scans themselves, what would make the experience easier for you?
Leave a Comment » | Customer service, Non-computer usability testing, Potential usability testing topic, Real-world usaiblity, User self-blame | Tagged: Security, TSA, usability | Permalink
Posted by Hal Shubin
I took the refresher course for the American Heart Association’s Heartsaver CPR & AED course recently. Once again, I was impressed with the design of AEDs.
Wikipedia describes an AED as
An automated external defibrillator or AED is a portable electronic device that automatically diagnoses the potentially life threatening cardiac arrhythmias of ventricular fibrillation and ventricular tachycardia in a patient, and is able to treat them through defibrillation, the application of electrical therapy which stops the arrhythmia, allowing the heart to reestablish an effective rhythm.
While they may be used by EMTs with a lot of training, they’re also used by people who happen to come across a person in distress. You can imagine how anxious such a user is, so the devices must be really easy to use.
And they are. Once you open the device and turn it on, it tells you what to do, step by step.
Here’s a video I found on YouTube that shows a typical one. (The demo starts at 00:1:00 into the video.)
You might be trained on one brand of device and have to use a different brand if you come across an emergency in a store or public library. I don’t think it matters, because they walk you through the process, showing and saying what to do at each step.
I’m not sure why they’re all so well-designed. Maybe one company figured it out and the others copied, or maybe the Red Cross or Heart Association made suggestions to all of the manufacturers.
Have you taken AED training? Have you ever used one in real life? How did it work?
2 Comments | Hardware, Health care, Non-computer usability testing, Positive comments | Tagged: AED, first aid, hardware design, usability | Permalink
Posted by Hal Shubin
Comments about online commenting
3 Jan 2013Do you write comments online? Commenting is available all over the Web. It’s a great feature, but there are some things that can hold people back from using it.
In usability studies, I’ve seen people hesitate about writing comments for many reasons. (Even so, I hope you comment about your experiences, below.)
Example of the commenting UI in this blog
Social factors affecting posting & comments
People are concerned about what others will think of them. Unless you’re really sure of your point, questioning someone online, especially an expert, can seem scary. I’ve heard participants say that in usability studies.
In his book Design to Thrive: Creating Social Networks and Online Communities, Tharon W. Howard writes:
Because people don’t want to damage their reputation or their professional status in the community, they won’t post unless they’re fairly sure that their contribution will be received as a contribution and will not open them up to critique.
He suggests demonstrating “how [members] can ask questions productively” and in general, creating a safe and comfortable environment.
Anonymity and rude comments
Anonymity can make people more comfortable about posting comments, but if my local newspaper’s site is any indication, it encourages some people to be rude. A recent usability participant talked about that:
Online, people everywhere are willing to insult people’s mothers at the drop of the hat. Anonymity leads to people saying a lot of things.
On the NPR program, Science Friday, Dominique Brossard, lead author of a paper in the journal Science (“Science, New Media and the Public”) said that negative comments even affect how others interpret the main discussion:
So basically just being exposed to rude comments, even if the content of the comments themselves was the same, made people react differently to the content of the story. So the question is therefore: What do we do to encourage better understanding? … And then we should discuss what does it mean to have a civil discussion online.
Systems like Facebook and LinkedIn certainly allow people to comment on their own lives and other people’s posts, and they’re obviously popular. It may feel safer in those systems because you only sign up if you want to do it, and you have a controlled audience (depending on how well you understand and use your privacy settings).
UI issues in commenting
The commenting UI itself sometimes gets in the way, as I saw in a usability study awhile ago. The commenting form might appear at the top or bottom of the article. It’s not useful at the top, because you haven’t read anything yet. You might not get to the bottom to see the form there if you don’t read the whole article. And if you print the article to read, there’s no easy way to post a comment. Having a link float on the page so it’s always visible might be helpful but requires careful testing to see how people react to something that keeps moving.
In a system with a lot of topics (whether they’re courses, articles or products), many items may have few or no comments at all. That may make them look unpopular. Seeding a discussion, by having a staff member or the author post the first comment or question might help it look less like a vacant lot and more like a conversation.
Creating a sense of community
I belong to a professional email list that is for members only. That restriction is useful; it’s one of the things that the moderators do to make people comfortable. Even though most of us will never meet, we have a definite sense of community from having helped each other on topics of mutual interest.
In one recent study, a man indicated that he writes comments in an online course’s discussion area. When I asked for details, it turned out that he hadn’t written anything at all. He was really talking about what he might do, not what he actually does. (That’s why it’s important to not simply accept what people say in customer research and usability studies.) He prefers to talk with friends who also take the class; it seemed that he was just more comfortable with people he knows.
Your turn…
…In what situations do you post comments, if any? What makes you nervous or comfortable about doing it? Should we moderate comments, or let anyone say anything? Is it different if it’s social or professional? And don’t worry – I moderate the comments here and won’t let anyone be rude.
Share this: