Software too frequently gets in the way of the user. It is incredibly rare that the user experience just works and makes sense. This has more impacts than it first appears. It teaches users to work around the user experience and breaks trust between the user and the system. It also can lead to security implications.
The user experience encompasses many aspects which make it a challenge to get right. First and foremost is the medium for which the user experience is built. Most software now tries to be everything for every situation, whether it is on a web browser on a large screen or on the smallest phone screens. User interface engineers need to be able to make workflows that, well, work.
Those interfaces also change pretty rapidly. Features change. Security challenges change. Laws change. And the capabilities of the technology building the user experience change. Some examples of this range from accessibility requirements to different authentication capabilities such as going from usernames and passwords to things like facial recognition and passkeys.
While dictation has been around for a long time and using voice to communicate with devices has become more normal with certain devices, but not necessarily with regular computers. With the increase in artificial intelligence (AI) applications that use large language models (LLM), that seems to be shifting. The notion of someone walking up to a replicator, I mean a 3D printer, and saying “Earl Grey” doesn’t really seem that far off. After all, they already have voice-activated in-home bartenders.
Google search provides a great example. The original text box and search button were simple. They taught the users what to look for. The results were simple. The results page was curated based on some algorithm. It was believed that the top results were the best and most applicable. Most users rarely dig deeper than the first page. Over time, that interface has undergone major changes. The suggested searches provide a distraction from the intended search. The results page is now littered with advertisements and sponsored links.
Users typically scroll past the ads, yet Google keeps pushing them more and more. Moving relevant content lower.
One would expect this to have a significant impact on Google’s user base, but it hasn’t. Instead, users typically scroll past and never click on the ads (https://www.cloudwards.net/search-engine-statistics/). Why haven’t users moved away? Is it possible that the reason lies in the habits that Google ingrained early on? Are the results that much better? There has probably been some analysis, but my guess is it is habit and marketing. There’s also little pain involved and a little bit of trust that the search results are “good enough.”
Search is a simple UI. It’s hard to mess it up. But what happens when the UI needs to be complicated? What happens when the UI has a direct impact on the learning experience of kids? What happens when the UI starts to get in the way of kids getting excited about classes?
It’s pretty easy to see how a user interface for a language-type class would be. Duolingo has done a decent job of it. Even Grammarly has shown how to seamlessly help improve grammar. Even Geography could be relatively easy to do with maps and images. Having played “Where In The World Is Carmen San Diego?” is a prime example.
Even with these, though, software often gets in the way. Spellchecking and grammar checking notifications while writing a draft can distract a creator from their train of thought.
Then there is math. Let’s take a look at some implementations from one provider. It is very similar to some others. As the math gets more and more complex, the input for the UI is clunky at best. Typically, they involve a calculator popup that the student can use, but then they have to switch back and forth. Exponents, quadratic equations, long division, fractions, and more make it a challenge to provide a user interface that is intuitive. Yes, they are able to perform the task, but they often get in the way and break the flow. It is nothing like writing out a math problem. Many will argue this is no different than the calculators that have existed for decades. Some of the first graphing calculators had the same problems. Accepting that a UI works doesn’t mean that it is the way it can and should be.
I was recently playing around with a popular learning platform and found similar problems to what my kids had experienced using their classroom technology. The capabilities of teaching math online are limited. Feedback is either too rapid or not complete enough. There are messages that indicate the answer is close, even if the answer is nowhere near correct. When it comes to incorrect formats, there are no messages to remind the customer of the format and what the format looks like, instead, there is a link to a video.
There is no real partial credit in the true sense. That is to say, if a student goes through a problem correctly but ends up with the wrong format, does the wrong operation (multiplies when they should have divided), or simply incorrectly performs an operation the answer is right or wrong. There are some cases where using a decimal vs a fraction can lead to an answer being marked wrong even when it is correct. The typical partial credit is only when the question asks for multiple answers and the student only gets some of them correct.
This impacts some set of students. The lack of feedback during the process and the inability to give partial scoring lead to students guessing and getting frustrated. Software has the ability to influence how kids feel about math.
The frustration of the user interfaces leads users to try to work around it. When regular users are trying to find workarounds, it makes it hard for those who are trying to protect a system to know what is a threat versus what is just someone trying to do their job.
You are probably asking: What does this have to do with security? This is a math application. The answer lies in integrity. The typical definition of integrity revolves around modification or manipulation of data. But when looked at holistically, integrity really refers to the user being able to trust the system to do what it says it can.
You are probably thinking “This is a HUGE stretch. Software has been using poor interfaces for a long time and will continue to do so, that doesn’t mean it is a security issue.”
The reason lies in the motivation. There was a time people would record music over the radio the because it was cheaper than buying the full album. When the UI frustrates the user for doing what they can, it creates motive for the user to try to break the system or leave the business.
The user interface can reward or punish the user. The user interface, whether a user or a system, is the first line of building trust and the first line of securing an application. When the user interface gets in the way, security suffers.