Design Pattern: Help the user stay safe

User Need

I need to know I am safe and secure when using a web site, especially if providing information or communicating with others.

What to Do

Keep the user safe. This includes:

  • Understanding risks for people with learning and cognitive disabilities when providing personal information or communicating with others.
  • Checking how safety and security techniques work with a wide range of customized profiles, including aging users and users with learning and cognitive disabilities.
  • Using known techniques to keep sensitive user information safe.
  • Helping all users understand any relevant known risks. Explain any known risks in easy-to-understand and friendly language. This helps them make an informed decision and stay in control.

How it Helps

Users need to know they are safe and secure when using a web site, especially when providing information or communicating with others.

Users with impaired executive function are less likely to identify risks correctly, so clearly identifying potential risks helps the user stay safe and in control. Add helpful tips for staying safe while using your content and provide help in case of problems.

To help identify risks, we suggest holding research and focus groups with people with cognitive and learning disabilities, and working with people with cognitive and learning disabilities to solve potential and existing problems. Groups should have people with learning and cognitive disabilities in mind when working on security and risk mitigation.

For example, many people who cannot copy and paste passwords or use two-step authorization codes ask a caregiver to help them. As caregivers are often just temporary employees, this leaves the user exposed. Making passwords longer or requiring users to change them regularly increases these unsafe practices and can actually make the application less secure. This type of design error is common when people with cognitive and learning disabilities are left out of the user research and analysis.

Examples

Use:

  1. Alternative login options that have been tested with people who have learning or cognitive disabilities and that are approved security techniques, in your jurisdiction, for sensitive data.
  2. Talking to a wide range of people with learning and cognitive disabilities, to understand the risks and how they may relate to personal information.
  3. COGA personas and use cases in the research, development and requirements phases.
  4. Industry best practices for storing and securing user information.
  5. Consent forms in easy-to-understand language that have been tested with people with learning and cognitive disabilities to ensure they understand the risks.
  6. Warnings to users each time personal information may be given, in easy-to-understand language.

Avoid:

  1. Users sharing information without understanding all the risks.
  2. Hidden and confusing information about risks.
  3. Users giving consent one time, and forgetting about the risks they are currently facing.
  4. Consent forms that users may not understand.

Related Information

User Story

Personas

Reference

This is an unpublished draft preview that might include content that is not yet approved. The published website is at w3.org/WAI/.