Risk perception
By Kristoffer Bohmann, Bohmann Usability
Risk perception. Login pages should be accessible through a secure connection when users submit sensitive data to home-banking systems, corporate extranets, customer accounts on ecommerce sites, etc. Otherwise this will be an important reason for users to reject the service completely. Bad for business.
Example. The pop-up window above prompts users for FTP-server username and password. It is used by webmasters and editors when they post new stories to weblogs (a news module) hosted on their own server and enabled by Blogger. Submitting FTP-server username and password is a rather drastical decision for security-concerned users. And Blogger makes two important usability mistakes that scare security-concerned users away.
- The pop-up window hides the URL. This denies users a basic opportunity to verify the site owner (i.e., is the information submitted to www.blogger.com or to an unauthorized site?). Making the URL visible would eliminate this usability problem.
- It is not clear if data are transfered through a secure server. The secure server should be an option since users worry about security when giving away sensitive information such as FTP login to servers (e.g., "Somebody may see and misuse the username and password for our ecommerce site."). Accordingly, these users reject the service completely even if they need it..
Kristoffer Bohmann
