Businesses Must Adapt to a New Blend of Art and Science

As technology evolves, we begin to access our data across more devices and through different platforms, and convenience and ease of use are key. While these new technologies pose their own challenges for data security, they also bring about a new set of usability concerns. We rely on the user experience (UX) to ensure that people love products and services and are willing to come back and use them again and again. Security needs to be the underlying force that keeps users safe across all interactions, while also eliminating improper intrusions into your system.

The Bad News: They’re Both Tricky

A quick Google search will yield thousands of advice blog posts, columns, trade organizations, white papers and more on either building a great UX or implementing a security structure that maintains viability with the addition of each new partner or service. On their own, UX and security can be difficult beasts. Together, they’re even trickier because you must balance enjoyment of using your service with the ability to keep everything safe. Users demand that you give them something enjoyable, or they’ll turn to your competitor. A strong UX isn’t as simple as a pleasing website or content. It has a strong undercurrent, and it can make up for not adopting the latest trend in hero images, typography or immersive video sales letters.

The Good News: Users Demand a Safe UX Too

Most users want to know they’re signing in to a secure platform. They desire security and view it as a chief part of the overall UX. Overly complicated password requirements harm adoption rates, sign-ups and repeat-use numbers. In contrast, allowing for social logins can increase consumer-facing registration rates by up to 50% and increase the amount of data a brand has access to with each sign-up, according to Janrain. Users inherently trust that their social media account is secure and that a company that partners with social media services is also secure. Customers view that capability as a positive UX because it increases the ease of use for the service and creates a feeling of security in the new partner.

As a consumer, would you use a service that was secure but frustrating to use? How about a platform that was clean and enjoyable, but made it easy for you to discover other people’s personally identifiable information? Security and UX are now mutually inclusive, and you can’t prioritize one or the other in your apps, services and sites. They either work well together or they fail together.

5 Best Practices for Better UX and Security

  1. Limit the data you collect. Take what you need and stop there. The more information you collect, the more harm can happen during a breach. Also, shorter forms have been consistently linked to improved conversion rates. Expedia often credits a $12 million bump in conversions to using simpler forms that were less confusing and created a better UX.
  2. KISS. Simplicity piggybacks on limiting the data you ask for by ensuring that other elements are easy to use. Navigation is also key because it makes it easier for your customers to buy or use your service. Fewer pages means less linking and jumping, and fewer places for an outside source to try to break into your platform. Keeping security features simple and in the background can help your users feel secure without feeling like they’re overcoming hurdles to work with you. Single Sign-on (SSO) platforms are a major winner in the space, thanks to their protection and deep investment in KISS.
  3. Be open and honest. Let’s say you require employees to have a unique identifier and code that updates every day or more frequently. Your UX depends on security not being frustrating. And often, you have security functions in place to protect employees. If the updating passcodes can track intrusions and limit the financial risk of an employee, be honest: “Your unique code helps us verify that you’re you, and in the event of a breach it makes it easier to know that it wasn’t you who did harm to our data.”
  4. Resist the lockout. Typos happen, and sometimes we make the same ones over and over because we don’t realize that caps lock is on or we’re getting used to a new keyboard and keep hitting “,” instead of “m.” You’ll need a penalty for failed logins, but giving users two or three attempts and telling them if it’s the user ID or password that’s incorrect can improve the UX, making it less frustrating while remaining secure.
  5. Reaffirm industry best practices. Both UX and security come with list after list of best practices. It’s worth browsing those lists and creating your own list, made up of items that will affect both UX and security. Chief among cross-over elements is testing your platform. Test frequently for both security and UX to give your users a better experience.

Applying Best Practices with Optimal IdM

We’ve taken our list of five, and many other best practices, to heart at Optimal IdM. Our top five are in the foundation of our Single Sign-On for enterprises, as well as our Federation & Identity Services that require multi-factor identification. We give your IT team the power to set credentials and check-ins at the frequency that’s best for you. Our options focus on the background, so you can roll out a new protection paradigm without your employees noticing much of a change. By building user requests into our workflow, we push information speedily to administrators for approval or denial. With our delegated administration model, we maintain updates to authentication lists, so you have a granular look at your current security but don’t need multiple steps for a sign-on each time, even if it is a multi-factor identification protocol. The best news is that we support a wide range of standards and can operate in both on-premise and cloud solutions, such as Salesforce and Office 365. Your IT team deserves a break, and we look to provide it.

