Modernizing Authentication — What It Takes to Transform Secure Access
Among your Web site pet peeves, you inveigh against pop-up ads, which you once compared to selling a vacuum cleaner by first dashing someone's ashtray on the floor.
That's completely what it is like, yes. My screen is really precious to me. It's mine; don't go and pollute it.
Okay, but what have you got against PDFs?
Well, the problem is that PDF documents are just not very suitable for online access because they are optimized for print, and they're big linear documents, and, therefore, they're not very good for search. So if you find something that's in a PDF file, it's probably on page 217 or something, and being dumped at page one doesn't really help you that much. And so often you'll miss the information even though it is, in fact, in the file.
Also, the formatting is optimized for print, so it's simply a nice brochure. It's typically letter-sized, and you kind of have to scroll it too much or the type becomes too small and hard to read. And the very first time you experience this, you don't even see the document. All you see is "Now we're loading Acrobat." So it becomes an extra delay that people hate as well.
You're also not a fan of drop-down menus. For example, you'd prefer to type in a two-letter abbreviation for your state, CA, than scroll down looking for it.
Exactly. Because it's much faster and it's less error prone.
The reason I think that drop-downs are so common is that the programmers want to avoid having to validate the input, but it's not really that difficult to write a little routine that checks that you have one of the authorized abbreviations. And it's actually much less error prone because what very often happens is that people who want to enter "California" will end up with "Alabama" because the menu kind of first goes to C, but then it goes back to A. This is a minor irritant, but it's an example of a more general issue which is, Where do you put the burden? Do you put the burden on the computer or on the user?
Another thing that this points to is the general principle that if a task is keyboard-centric, stay at the keyboard as much as possible. If it's mouse-centric, stay at the mouse as much as possible.
Many of our readers have been through a generation or two of their own Web sites and intranets. Any mistakes to avoid when redesigning that are distinct from the original development process?
Well, the biggest difference is that if you have a redesign, you already have a design by definition, and, therefore, I would very strongly recommend starting by not actually doing anything new, but by researching what you already have. This is a piece of advice that most people think of as weird because they feel like, "I want to just get moving, I want to get moving on my new thing, I want to throw out the old thing and get a new thing." But that's putting the cart before the horse. You want to know first what works on your old design, and what doesn't work, and why it doesn't work. Those are all very important questions to get answered, because otherwise what happens is that you may actually lose some of the features that worked well in the old design. And of the ones that didn't work, you know, maybe you'll have something different, but who's to say that different is better? So it's very, very important to do a study of the existing design. The existing design is your best prototype of your new design because it's already working, it has all the features, and it has all the users right there.
That seems common sense enough.
Sad to say, people often miss that.
In the past, you've suggested that 10 percent of the budget for any Web or intranet project go toward usability. Still a good rule of thumb?
That is still a good figure. Ultimately it should be higher than that, but in today's world, that's a good recommendation. The way to think of that is, really, that you spend 10 percent of your budget making sure you're doing the right thing, and then 90 percent on doing that thing.