How better security improves the user experience:

Building the business case for Rivetz is very straightforward and ties into many of the core challenges in computing today. Security is a topic that is often left as an afterthought, while user experience is at the forefront of the product plan. We all know that an app with a great user experience will win out over a competing app that has relied on technology alone. In a user-centric development process, core items like security are often thought of as add-ons to bundle into the finished product. This often results in additional authentication steps and tarnishes the user experience. The responsibility of access control, e.g. entering passwords and PINs, is left with the user, who has been notoriously bad at it.

One of the world’s greatest examples of where this issue was overcome is the global mobile telecommunications network. In the early ’90s, cloning fraud was growing by leaps and bounds. For those who do not remember, a mobile phone account could be stolen with just a computer and a radio. The mere act of driving down the highway could result in the theft of an account. Obviously, identity theft within a service you rely on makes for a poor user experience. The first step in combating this fraud was to introduce user PIN codes for every call: effective at the time, but not a good user experience. Eventually, in the transition from analog to digital, SIM chips were introduced to the US market and fraud plummeted. The result was an increase in the adoption of mobile technology and reductions in its cost. The phone finally had a good user experience, and it was improving all the time. Today, the perception of security is so strong that we use the phone as a second factor of authentication and as a digital wallet. However, the security of a phone is really tied to the carrier SIM administration.

The opportunity for the next evolution of user experience is at hand for all of computing. It is a shift from relying on the user for the subscriber relationship to relying on the user’s devices for the subscriber relationship. The user experience for an app and trust in that app’s security need to be as good as the user’s relationship with their phone number: simple registration to a secure service that is not easily compromised by malware or bad actors. How is this achieved? Most critical to making this a reality is a requirement for world-class security to prevent the fraud and theft that take place every time security is ignored. It’s time to stop relying on the username and password and replace it with a stronger, hardware-based device registration. The core benefits of built-in hardware security go to the heart of the business value of the current app economy and the future business model for the Internet of Things.

The value of most cloud and app services is based on the value of the subscriber relationship. Leveraging the Rivetz tool set to enhance the quality of this relationship will increase that value. Stronger identity, stronger privacy, and world-class built-in security all work to ensure peace of mind and a better customer experience overall. We can still focus on the seamless and simple user experience that every app has been striving for, but give up nothing in the way of security. We can replace the insecure “remember me” storage of credentials and the cumbersome annoyance of multi-factor authentication. Persistent authentication from one’s device provides a great model for access control that is easy to manage and easy to train the user on. The user can experience a whole new way of interacting with a service.

One of the greatest concerns is loss of control of personal information and sensitive data. Billions have been invested in legacy security methods, but breaches continue to go up. Constantly training, reminding, and retraining the user does not make for a great user experience. It reminds the user of the fragility of these services and diminishes their overall trust in the service. The inability to meet the consumer’s desire for trust in their service dramatically reduces its value, and sets up the opportunity for the user to switch to a competitor in search of a better user experience. The key solution to this dilemma is shifting from the protection of a service by the user with passwords to the protection of a service via the user’s device. The continuous awareness that “my device is in my control” is a biological response to loss or theft. Humans have been evolving over thousands of years to have an awareness of physical objects and personal possessions, but our digital awareness is not even a generation old. We can lose a password and not even become aware of it until a resulting theft happens. But if we lose a device, we are almost instantaneously aware. (Actually, awareness usually happens right after the jetway door closes!) Our response to the loss of a device almost always prompts action, and this action becomes the level of cyber security awareness that everyone is seeking. If Snowden had to steal computers and not passwords, the amount of data that would have left the building would have been minimal. Instead, armed with a colleague’s password, he was able to amass data at his leisure from a single terminal. The transition to a device-centric model for access provides the true security that the user deserves, and the continuous awareness that services desire, at no cost to user experience.

User experience is more than just access control; it is the complete model of the service, and the tools to protect what the user wishes to control. Control needs a level of automation, as humans are not comfortable with repetitive tasks. Eventually those tasks become annoying to the user, reducing the value of the service, and as a result the value of the subscriber for the service deteriorates. Everyone loses. Security plays a core role in automating repetitive tasks. Continuously answering “Are you sure you want to do this?” is a bad consumer experience, but it is required because there is so much risk of fraud that vendors are trying to address the liability created by the services they offer. The advancements in security enable a secure model of user authentication that assures the user credentials cannot be stolen. It also enables management and communication of the devices a subscriber uses. Advanced security tools like a trusted user interface assure that the user data collected in a transaction is private and cannot be compromised. The proper tools to integrate and automate assurance and privacy are critical to having a high-quality experience with the least amount of user interruption.

The user experience is at the core of any modern app development. Color schemes, graphical elements, and clean design are all hallmarks of great apps, but security consistently destroys the user’s trust, the user/service relationship, or both. The experience of a stolen ID or a forgotten password, and now two-factor authentication, is putting sand in the gearbox of progress to the next level of great interaction. Rivetz has built a simple and flexible toolkit that brings world-class security into reach for any developer. Rivetz provides the tools to create the best built-in hardware security and eliminates the cumbersome experiences that plague apps today. From access with no passwords to secure messages that malware and bad operators can’t read, Rivetz enables 21st-century development that is based on strong identity and the automation of security. Rivetz also enables the privacy and assurance processes that every great app needs to maximize the value of the subscriber.