Evaluating a Security Mechanism Using Universal Design Thinking and Usability Heuristics Frameworks

Step 1: Selection of a Security Mechanism

Begin by selecting a security mechanism you use frequently. For instance, you might choose Multi-Factor Authentication (MFA). MFA typically combines something you know (a password) with something you have (a smartphone for a one-time code) or something you are (biometric data like a fingerprint).

Step 2: Application of Universal Design Thinking Principles

Universal Design (UD) focuses on creating environments and products that are inherently accessible to people with diverse abilities. The seven principles of Universal Design are:

  1. Equitable Use: The design should be useful and marketable to people with diverse abilities.
  2. Flexibility in Use: The design accommodates a wide range of individual preferences and abilities.
  3. Simple and Intuitive Use: The design is easy to understand, regardless of the user’s experience, knowledge, language skills, or current concentration level.
  4. Perceptible Information: The design communicates necessary information effectively, regardless of ambient conditions or the user’s sensory abilities.
  5. Tolerance for Error: The design minimizes hazards and the adverse consequences of accidental or unintended actions.
  6. Low Physical Effort: The design can be used efficiently and comfortably with minimal fatigue.
  7. Size and Space for Approach and Use: The design provides appropriate size and space for approach, reach, manipulation, and use, regardless of the user’s body size, posture, or mobility.

Evaluation Example:

  • MFA may perform well under “Tolerance for Error,” as it often provides multiple attempts to input a code. However, it might struggle with “Equitable Use” if it relies heavily on smartphones, excluding users without access to such technology or those with disabilities that impair their use of mobile devices.

Step 3: Application of Usability Heuristics (Feth and Polst Framework)

The usability heuristics framework, particularly the Feth and Polst model, includes principles that help in evaluating user interfaces and ensuring they are user-friendly. Common heuristics include:

  1. Visibility of System Status: The system should always keep users informed about what is going on through appropriate feedback within a reasonable time.
  2. Match Between System and the Real World: The system should speak the users’ language, using words, phrases, and concepts familiar to the user.
  3. User Control and Freedom: Users often choose system functions by mistake and will need a clearly marked “emergency exit” to leave the unwanted state.
  4. Consistency and Standards: Users should not have to wonder whether different words, situations, or actions mean the same thing.
  5. Error Prevention: Better than good error messages is a careful design that prevents a problem from occurring in the first place.
  6. Recognition Rather Than Recall: Minimize the user’s memory load by making objects, actions, and options visible.
  7. Flexibility and Efficiency of Use: Accelerators — unseen by the novice user — may often speed up the interaction for the expert user.

Evaluation Example:

  • MFA often meets the “Visibility of System Status” heuristic by informing users that a code is being sent. However, it may falter in “Flexibility and Efficiency of Use” if the process of entering codes is cumbersome or repetitive, especially for advanced users.

Step 4: Documenting Your Findings

After applying the frameworks to your chosen security mechanism, record your observations in your behavior change portfolio. Note any areas where the mechanism succeeds or fails in terms of accessibility and usability. Consider how these aspects might affect users’ experience, especially those with different abilities or levels of technical expertise.

Suggested Reading

For a more in-depth understanding, consider the following:

  • “Universal Design: Principles and Models” by Roberta Null: This book provides a detailed discussion on universal design principles and how they apply to various products and environments.
  • “Designing for the Digital Age” by Kim Goodwin: This text offers insights into usability design and user-centered thinking, which are crucial when evaluating technology interfaces.
  • “Usability Engineering” by Jakob Nielsen: This book is a seminal resource on usability heuristics and principles, useful for evaluating any user interface, including security systems.

By thoroughly analyzing a security mechanism through these frameworks, you’ll gain a deeper understanding of how well it meets the needs of all users, guiding improvements that enhance accessibility and usability.
