Identity, Privacy, Application security, Data Security

Security vs. user experience: Finding the balance

Consumers are showing a willingness to have strong digital security if the user experience is doesn’t get in the way. (iStock/Getty Images)

We've long thought that online consumers are unwilling to trade convenience for security, but recent surveys show that's no longer quite true. Consumers worldwide now believe that strong digital security and a rewarding user experience are equally important, and many are ready to abandon services that don't offer enough of both.

This article covers a couple of those surveys in detail, and offers guidance for security teams striving to strike the right balance between security and user experience.

Ease of use no longer enough

In a 2022 survey of 2,719 consumers conducted by PYMNTS and Entersekt, 83% of respondents said that security played a "very" or "extremely" large role in the trust they placed with financial-services providers.

Survey respondents cited several factors that appealed to their senses of security, including an emphasis on data security (which 65% thought was important), information about the security of transactions (60%), the ability to approve transactions before they were processed (56%) and whether one could log in using something other than a password (44%).

At the same time, 80% of respondents in the PYMNTS/Entersekt survey said that a strong user experience was also a large factor in the trust they placed with their financial services, and 56% cited overall website quality as important.

A different survey of 3,400 consumers in the U.S., UK, Australia, France and Germany conducted by Ping Identity and Wakefield Research in mid-2021 found similar results.

It found that 85% of consumers wanted to know how their personal information was shared online, even as 72% of respondents said that they often had trouble getting answers about that. Along those lines, 63% of respondents said they would prefer to use services that made clear how personal information was being used, and 20% said they would recommend such services to others.

What turns off consumers

It was pretty clear from the Ping/Wakefield survey what consumers didn't like about site and online-service security.

The survey found that "56% of online consumers have abandoned an online service when logging in was too frustrating," and that "63% of consumers are likely to leave an online service for a competitor who makes it significantly easier to authenticate identity."

Perhaps most significantly, the survey also found that "60% of consumers have gone so far as abandoning an online service because of concerns about how their information is used, including 46% who have done so multiple times." Of these, "Gen-Zers (80%) are twice as likely to stop using an account due to privacy concerns than Boomers (40%)."

How to build security into your user experience

Fortunately, if you're designing a website, app or other online service, you no longer need to trade user experience for security. It's now easy to implement both, especially if you integrate recent security advancements such as single sign-on, multi-factor authentication and biometric verification to try to reduce the use of passwords.

User-experience experts such as Alex Hewko and Mike Maass typically emphasize these basic principles for a secure user experience that's easy and pleasant to use:

  • Simplicity: A login screen doesn't need to inundate the visitor with warnings and error messages.

"Provide everything your user needs and nothing more," wrote Maass in UX Mag in 2012. "Disclose additional information in a progressive manner, taking care never to overwhelm your user."

  • Clarity: Explain to users why they're being made to do something. For example, password requirements should be clearly stated, along with the rationale behind them.

"Make it clear to the user what data is required and where it will be used," wrote Hewko on the Software Secured website in September 2021. "Having defined options that are easy to understand, clear password requirements and simple navigation (on both web, mobile and tablet) through the application means that users will be able to intuitively use the application in a correct manner."

  • Trust: Let users know they're empowered to make good decisions on their own behalf, and don't treat them like children.
  • Appearance: Make your user interface look good, but also unique and difficult to spoof. Your company's branding should be prominent.

"Having a unique UX in every application with a well-established, recognizable sense of brand identity can be an important step to preventing spoofing and malicious phishing," wrote Hewko.

Paul Wagenseil

Paul Wagenseil is custom content strategist for CyberRisk Alliance, leading creation of content developed from CRA research and aligned to the most critical topics of interest for the cybersecurity community. He previously held editor roles focused on the security market at Tom’s Guide, Laptop Magazine, and

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.