Security in Technology - Is it even really needed?
( THE ANSWER IS YES DINGUS)
Disclaimer: As a designer I try to analyze flaws and opportunities in our world. While I'm not an expert in technological security or cryptography, let's still discuss it from a design standpoint. 🙂
Overall, I don't think a lot of people are too concerned about the dependability of their digital security (although holy moly they should be) because it honestly works relatively well at the moment. Most stolen passwords and codes are generally obtained through social engineering tactics, phishing links or internal tool exploits - which in most cases are easily avoidable. I guess except when you're a company name Twi...I don't want to bash on them, @Jack is an awesome human being.
Equifax (yeah I don't care about them) had their own tools used to gather the information of 147 million people. There is and always will be malicious activity manifesting in the background that we probably will never know or even hear whispers about. Not to make matters even more disheartening but frankly there's not much the average human can do about it either.
Though when it comes to our own personal devices and accounts we do have a little bit more control. We can make our own passcodes, scan our unique faces, draw some distinctive gestures - pretty cool. From a design and curiosity point-of-view though, is this really the best we can do?
What are some tips to make sure our information can't be stolen?
Hope you know how to read disclaimers cause I have no freaking clue. Don't talk to strangers? Don't make shitty passwords (okay I said I'm not an expert but I'm pretty sure that's a good tip)? There definitely are ways to help prevent malicious attacks but we're all probably doing the best we can as individuals.
Realistically we really can't do much as consumers and are at the whims of whatever app, device, company we decide to worship. That's not to say that it's game over. Great engineers/programmers are still constantly creating revolutionary ways to protect our various needs, both digitally and physically. Cryptography is getting stronger, hardware is evolving, and better code is being written, I'm sure.
Hmm..I'm now noticing I've chosen a pretty broad topic regarding technological security that can end up going in SO MANY directions. So I'm going to start getting into my writer's lifeboat and start paddling towards the direction of mobile phone security.
What's currently available in terms of mobile phone security?
Dang, my arms are now exhausted so I'm going hop off my lifeboat and slowly drift towards Apple Island. We will be strictly talking about the security of Apple iPhones. The models with biometric sensors included. Let me do this for simplicity's sake...I'm soooo tired (lazy).
Whew. Alright. Regarding the operating system security that even allows you to use your iPhone in the first place, there are quite a number of pretty decent options:
• 4 or 6 Digit Numeric Passcode (the usual suspects)
• Custom Numeric Code (which actually can go...30+ numbers when I tried)
• Custom Alphanumeric Code (do people actually use this on their phones?)
• Touch ID (fingerprint scanning)
• Face ID (facial geometry recognition)
Throw in some multi-factor authentication and password management systems in place and the apps within your device will be pretty safe! So I am in no way saying that these are futile methods to protect your information, but they seem to be the only ones seen commonly.
If you don't have an iPhone and want to experience the latest iOS (13.5) security experience, you can do so with a quick prototype I've created here.
(Note: You may have to refresh a few times or click on the next pages using the < or > arrows for it to work...it's a little buggy. Adobe XD team, get on this! <3)
So are these forms of protection are good enough?
As mentioned, the current security of iPhone is honestly is not bad at all. It serves its purpose rather efficiently and I secretly love the design of it. If you checked out my prototype, the first thing you'll notice is that there are only a "rudimentary" set of security options.
Yes, you can select FaceID for certain features and if you decide not to, you can choose to use a passcode instead. I have my Face ID turned off because, well - I just don't fully trust it for MY view of security (completely unrelated to Covid-19). Biometrics validations are super handy but I'm personally don't use it to unlock my phone because
So they're good enough? Yes, absolutely they are. Only because most of us have the privilege of living our lives without running into any problems that would cause us to think otherwise. I personally have never had an issue with keeping my phone and information safe with what's been provided as security for my smartphones.
What's the problem then if these security measures are fine?
Life is random is the problem. Have you ever been targeted? Had your fingerprint was scanned for access to something? Had someone catch a glimpse of your **** passcode? Been held at gun point? Get asked to have your head 3-D printed? The last one is a bit farfetched but it's been freakin' done (granted this was years ago and on the Android platform).
So hypothetically if you were the one in a bind, I'm quite sure you wished that there were some extra layers of protection in place. Preventive measures even. Customized protection that would make you feel safer because it's there, not that it's always needed.
Maybe a decade or more ago, I think our current approaches may have been completely fine (and still are) but with our advanced technological capabilities - I think we need to think deeper and more importantly - differently. (I'm still on Apple Island lol)
So as designers what can we do for smart phone security?
Well anything is better than nothing. Even as a fresh UX designer, there are considerations I've pondered about of the way technology is used for ONLY technology's sake and creativity is sadly sometimes left in the friend zone. Instead creativity and technology need to get closer, become friends, start dating, get married and have mixed solution babies which will result in them having new-featured tech grand babies (YES, I realize that this is how it works already).
So what kind of lovechild resulting from tech + creativity can help current security? If I don't feel completely secure with what's available, why can't I do something extra that would be even more personal to me? Is it due to hardware limitations? Laws? I'm not sure. It's more than likely it's due to software or conventional design thinking. Necessity is also a factor. However, you can still improve security without having to reinvent the wheel, but to design with "customizability" in mind while staying within the current boundaries of hardware capabilities.
"My five-year outlook on passwords is that 20% of the mainstream will be Biometric Identification. Internet Anonymity, except for criminal offenders, will be out of the mainstream and within 10 years passwords will be gone, 100%."
David Ackerman, Managing Member of Internet Biometric Security Systems via Villanovau.com
Here are some random considerations for iPhone security alone:
•Being able to create additional layers of the provided security frameworks (Face ID + Code?) or (Code + another code?) + (Face ID + Code + Alphanumeric Passcode?)
•Being able to require a certain facial gesture/angle/movement that you have to achieve to unlock your phone using Face ID
•Being able to require your finger to be on a predetermined area on the smartphone screen before your Face ID will function properly
•Being able to select a volume button that you have to press in order to use Face ID
•Being able to have multiple security "profiles" so if you can swap between them so that will suit your security needs (For example: Home, Going Out, Overseas Travel)
Hold on a second my fellow readers, I hear some distant naysayers...
"But Zack!!! Those security options you mentioned would take way too long to set up, I don't want to do all that work!"
Then I refer you to the section of my title where it says "customizable". You don't have to participate! I probably won't either. You probably don't even use half of all the options available in your smart phone right now, so just don't use them if you don't want.
However, what if there are people out there who do require something? Those who are in an untrustworthy relationship and don't want their crazy spouses to rummage through your phone? Those who have extremely sensitive information? Those who are travel often to unknown locations? Yes, you are a user and you matter, but you are not the only user.
"But Zack!!! That would take so long to code and it wouldn't even be that useful!"
YOU'RE PROBABLY RIGHT. I'm not a programmer and can't commentate on how difficult it would be to code or even make functional. I am quite unwavering however in saying that it is feasible based on our current technology. For how useful it can be - let others be the judge of that. I'm sure people who had an Apple Watch watch that saved their lives might disagree with you. Maybe try it out first before even making a judgement call, I'm also just spitballing here and I never said any of my ideas were good.
What other innovations can we for mobile device protection?
Some of you are probably saying I'm a bit extra at the moment but I can say with a fair amount of research and prediction - we are moving towards a cashless and even card-less society. Not to mention data is becoming incredibly important as well. The convenience of having everything on our smartphones will always be a double-edged sword.
The sad truth is while cash and cards might disappear, bad actors most likely won't. Subsequently, if someone is threatening your life because they want access to your phone, you should not have to be helpless. That's why the I think the next innovations needed in mobile device protection are PREVENTIVE, SITUATIONAL, and once again CUSTOMIZABLE.
Here are some conditional ideas based on my previous suggestions:
•The creation of safety functions that can be applied to certain triggers (Options to: call authorities, delete information, lock money usage, alert GPS location, sound a loud noise, start a video/audio recording, etc.)
•Customization of multiple different codes that will each execute above safety functions
•Having a sensory lag-time after unlocking your phone with your face or having a selected facial gesture normally where if you make a specific facial gesture after, it will perform attributed safety functions
•If you require your finger to be on a predetermined area on the smartphone screen before your Face ID will function properly you can also select a danger zone finger placement where that will perform a selected safety function
•Have security functions trigger based on the proximity of your mobile device and another smart device such as laptop or tablet
If this type of layered and customized security was brought onto any operating system, where they can choose the level and type of security they prefer for each individual program - I believe that would bring a great value and additional layer of trust with that product or company. It's not something that I feel is an absolute necessity but as a designer I do feel like these small adjustments can make huge strides in making people feel safer with their devices.
Anyhow, I am exhausted from rambling. I think most people are doing fairly well for their own personal cybersecurity as long as we are all being educated and alert. Yet there will always be ways to improve the user experience that aren't necessarily based on hardware advancements - just thinking diffe- ...uniquely.
By the way, Apple Island isn't all that cracked up to be. After being here for so long, you'd think it would have information on the new upcoming Apple over-ear AirPod. I thought there might be some juicy details on those Apple Tag or Apple Car rumors. You'd think Apple Island would have Apple Geniuses waiting by the shore to greet you but...in the end...it's really just an imaginary writing gimmick I made up.
If you would like to see the shoddy prototype I made based of my thoughts, you can view it here. If you really want to take a look at my deeper look at my thought process, I can also linky it for ya.
Either way, thank you for reading my first blog post and would love to hear your comments, concerns, or thoughts via my Twitter account.
Happy and stressful designing!
Zack