Security and Usability

I happened to go to (ISC)2’s web site and visit the member’s login page. I saw quite a few usability issues that escape the average security person.

Here’s a screen capture:

Security ignores usability

Let’s see what’s wrong:

  1. The page is titled “Member Login”
  2. The main text in the middle of the page says “Sign in”
  3. The button I click under “Sign In” is labeled “Login”
  4. The help is labeled “Login Help”
  5. After you log in, the page says “Sign In: You are currently logged in as”
  6. The entire form for signing in or logging in appears twice on this page, once at the top right, once in the middle. As a user I have to ask myself: do they do the same thing? Do they take the same Username and Password?
  7. On the top right, the button is labeled “Sign In.” On the middle of the page (under where it says “Sign In”) the button is labeled “Login.”
  8. Should the search options (“I am interested in”) appear on this page? I mean, if this is the login page, just give them the login option. The navigation bar at the top gives them some other places to go if this isn’t where they really meant to go. I find “I am interested in” looks too much like it’s related to signing in.

Maybe I’m overdoing it, but we only need one term for logging in or signing in. It’s pretty clear that these folks consider “login” and “sign in” to be the same thing. But does the average user? And why do we have a login form appearing twice, with the button labeled differently in each?

Sigh. We can’t even get our own terms straight in the security industry. No wonder nobody else gets it straight.