An interview is…

“An interview is a conversation with a purpose”

- Kahn & Channel

 

Pilot interview

Today I did a pilot interview with one of the participants from the probe study. Went well, but I will reformulate and add some questions before I conduct the rest of the interviews.

All of the interviewees will be people that agreed to be contacted after the joining the probe study. So they already know what the project is about, however before the interview they have to sign a form describing among other things the project, the purpose of the interview, that the data will be anonymised and that they agree to the terms.

The interviews are still focusing on peoples understanding of security and how that affect their behavior in connection to authentication. I have separated the interview into two parts, starting with some initial questions about the interviewee, then some questions about their mobile and computer habits. The second part of the interview will be used to discuss some of the results from the probes. To facilitate the discussion I have printed out some graphs, some examples of different authentication methods and some of the context pictures that I received from the probes.

 

Am I a robot?

 

Data gathering: probes – results 1

I have handed in all of the probes that I made, and tried to analyze the result. I have been looking for patterns and results that stand out and seen if some of the results can help me answer the research question. (This is post describes only some of the results).

As mentioned in my las blog post the study included ten students from the department of informatics. The only requirement I had was that they owned a smart phone, some had an iPhone and some had an Android. This was a qualitative research with few participant, so the results cannot be used to generalize, but does give an impression of the trends among students.

One of the things I asked the students about was if they had a screen lock on their phone, the graph below shows the answers I got.

As we can see almost half of the participants does not have any other screen lock then the slider. In spite of this the next question showed that people felt that their information was fairly secure on their phone.

There can be many reasons for this result, and I hope to get a deeper understanding of this at a later point, but some theories about why you feel that the content on your phone is safe even without a screen lock, can be for instance that the phone is something you you bring with you and look after at all times. Another possibility is that people do not have a complete understanding of the amount of sensitive data on your phone or how sensitive the data is.

Another card revealed something less surprising, people does not turn their phone of by the end of the day, as very few mentioned that they had to log into their Sim-card in the period they had the pobes. In addition to this, the results shows that people use their phone to login to apps, websites and services max a couple of times a day. (More if for instance a new app i downloaded and needs you wish to connect it to other accounts like Facebook or Twitter.) The participants have, on almost all of their apps and services, saved the authentication details and are automatically logged in.

This makes the screen lock even more important, if an unauthorized person get hold of your phone he/she can not only access your messages, phone numbers and pictures, but probably also your email, social media accounts, skype, blog etc. However the security on the phone is not something that people are too concerned about as it looks like.

Here are some comments I got on the cards (translated into English):

“Most loggins are the code on the phone. Most passwords on apps are saved so I rarely write these”.

“I don’t use pin-lock on my phone in fear of loosing the phone and if an honest person finds it, he/she will not be able to call me because the phone is locked.”

“Have noticed that I have problems reading the words you have to type in to prove that you are not a computer (CAPTCHA). That makes me anoyed!”

“Got a tip about shortcuts on iPhone and hopefully I don’t need to type in user name and email addresses anymore! “

 

Some of the cards was also about different authentication methods on phone and computers. However the results from them will be discussed in another post.

Based on the probes and the results I will conduct a couple of interviews, with five participants that agreed to be contacted for further research. The purpose of that, is like the purpose of the probes, to get closer insight in how people think about security on smart phones, and how this affect how they use it.

 

Data gathering: probes

One of the methods I am using to gather data is cultural probes. Probes are supposed to work as an instrument to provoke a response from the participants.

Having said that, ‘cultural probe’ is actually a very good description of what these things are about. If you think about a probe as something you send off into the unknown — typically I use the analogy of a space probe like Voyager — it’s something that goes somewhere where we can’t go ourselves and transmits back data. So ‘probe’ is a very appropriate word. (Source)

I created a sett of cards with questions and assignments for people to bring home and use five days to complete. The goal with the probes was to get an impression of peoples understanding of security, on smart phones vs. computers and how this affects our choises of screen locks and authorization mechanisms.

In addition to the cards I made a simple website where I explained closer what the participants  was supposed to do: http://folk.uio.no/siribst/MasterResearch/.

First I did a pilot study, to test out how the cards were working, if there were any changes that should be done. After that I did a couple of small changes, mostly adjusted the wording a little bit to make things easier to understand.

After this I delivered out the sets of cards to 10 fellow students using smart phones (iphone or android) Explained the project and purpose of the probes and told them to ask if they had any questions.

Each stack of cards consisted of 12 cards.

• About the project: a short introduction of the project.
• Three questions: three questions about how the phone was used, any irregular happenings? How many times did you use your phone to login to external services. And where did you login?
• Photos: Take a couple of pictures each day to document what context you use your phone in and send them to me by mail.
• Your phone: What screen lock do you use? Mark on a scale how secure you experience the content on your phone.
• Security – computer: Mark on a scale how secure you experience different authentication mechanisms to be on a computer.
• Security – smart phone: Mark on a scale how secure you experience different authentication mechanisms to be on a smart phone.
• Notes: An empty card to note down additional comments.
• Consent: Information of how the data would be used. The participants needed to sign to confirm this.

I am still in the process of analysing the data, and will come back to the findings in a new blog post.

 

Mobile Media Design

Print screen of the prototype

This semester I’ve been taking a course called mobile media design at the institute of media and communication. As the course description says the goal was to be trained in exploring the possibilities for mobile media design, while gaining a basic knowledge about the main obstacles and how to overcome them, through a practical, project-based approach in which we would develop our own prototype of a mobile web application.

Scrum

I worked in a team of five people, three students from the institute of informatics and two from the institute of media and communication. The purpose of the this course was to learn about agile design and development methodology, such as SCRUM. The whole project was built around the Scrum-methodology, and since we did not have that much experience with scrum and we had to do the design, user testing and programming in parallel we had some trouble estimating the time. As a result of this we had to do some cuts in the product backlog halfway in order to have a potentially shippable product by the end of the last sprint.

Scrum Board

User testing of pencil sketches

Questionnaire

Usability testing

Idea

We came up with an idea about making a small talk app. We had all been in situations where the conversation does not go as smooth as one would like, this app would help us avoid these awkward situations and keep the conversation going by providing you questions sorted by context and categories.

The research question we wanted to answer in this project was:

“How can an app be used to enhance a conversation, and is it socially acceptable?”

This question could only be answered by trying out the application which made user testing extra important. We did testing throughout the whole project, from low fidelity pencil sketches to high fidelity prototype on iphones. The feedback we got from the testing helped us to map the user needs and gradually shaped the application. To answer the research question we tested the application on some fellow students in the cafeteria at the university. Some people made their friends aware of the app, while some tried to use it in secret. All the testers  used random questions from the app and did not select questions based on the context or category. After having tested the application we did some short interviews about their experience. The result was that some of the questions seemed a little bit weird and did not fit the situation, however whether the app was visible or not it did work as a conversation starter. For instance some people had a long conversation about cat vs. dogs. What was interesting about this was that most people said that they could have used the app, but was not sure they would like if someone used it on them. This brings us back to the research question whether it is acceptable to use it in a social setting. This is a hard question to answer, but we concluded that it all depends on the user and how the app is used.

The users framed the use of the app differently than we’ve originally planned, most people used the app out in the open, in stead of hidden, which surprised us. Why would they show it? One theory is that since it is a bit frowned upon to use an app to help you think of things to say. In stead they used it as a tool in the conversation, by saying things like “let’s look at these funny questions!”, and that way they made it socially acceptable.

Individual paper

In addition to the project I wrote an individual paper, describing the work process and discussing design in scrum and Donald Schöns concept of reflection-in-action. Here is the paper if you are interested in reading it.

Promo

We also made a cheesy video we made for our presentation:

 

Universal Design or Multimodal User Interface?

E.g. Multimodal User Interface (biometrics) Source: http://t3.gstatic.com/images?q=tbn:ANd9GcTxKdbyRiHlgAWHTgt69iefF3Miq0kcLGKZ1DR-fhbe-ijl5oKS3EmR87_2

There are several ways of making sure that people with disabilities are included and can use a product. Two approaches are Universal Design (UD) and multimodale user interafaces.

Universal Design aims to create products that are usable to as many users as possible without the need for addoption or specialized design (CUD, 1997).

A flexible multimodal user interface can meet different users needs, abilities, situations, preferences and devices by making it possible for users to adjust the product settings based on their needs (Fuglerud 2009; Helman 2008).

Last week I was on a seminar about accessibility and user testing: http://medialt.no/news/presentasjoner-fra-seminaret-om-brukertesting/781.aspx (in Norwegian). There it was said that in order to treat everyone equally one need to treat everyone different, because people are different! Based on this statement a flexible multimodal user interface might seem like the best solution. It will give the users the possibility to define it’s needs by adjusting the the interface in a way that suites the user best.

However, I have been looking into blind and visually impaired as a user group, and found that it is very hard to define their needs. This is a very heterogeneous group of people, there are for instance numerous degrees of visually impairments. It is also common to have a combination of several dissabilities, like old people which often experiences visually impairments in combination with poor motor skills and hearing. If one should offer alternatives to all the different dissabilities and combinations of them it had to be created an infinite number of solutions in order to reach out to everyone, it is no easy task to give treat everyone different!

With this in mind I think it does make sense to go for one solution that are designed and tries to reach out to as many users as possible.

There are several tools, both check lists and software, aimed at evaluating whether an ICT product or service compiles with different standards ans giodelines.

W3C have created a set of guideline you could use to make web content more accessible(WCAG 2.0), in addition to this they have defined three levels of conformance, A (lowest), AA, and AAA (highest). The different layers are saying something about how accessible the design is, and which requirements that are met, according to WCAG 2.0.

• Level A: For Level A conformance (the minimum level of conformance), the Web page satisfies all the Level A Success Criteria, or a conforming alternate version is provided.

• Level AA: For Level AA conformance, the Web page satisfies all the Level A and Level AA Success Criteria, or a Level AA conforming alternate version is provided.

• Level AAA: For Level AAA conformance, the Web page satisfies all the Level A, Level AA and Level AAA Success Criteria, or a Level AAA conforming alternate version is provided.

Standards and guidelines are nessasarry in order to obtain accessibility, but these does not ensure that the solution meets the users needs and challenges of various user groups. To make sure the users needs are met, user testing is essential!

Sources:

• CUD – Center of Universal Design <http://www.ncsu.edu/project/design-projects/udi/center-for-universal-design/the-principles-of-universal-design/>, 1997.
• Fuglerud KS. Universal Design ini ICT services. In Vavik T, editors. Inclusive buildings, products & services: challenges in universal design. Trondheim, Norway; 2009. p. 244-67.
• W3C Multimodal Interaction Framework <http://www.w3.org/TR/mmi-framework/>, 2003.

 

e-Me: Sound and images becomes passwords

The online newspaper Forskning.no that cover Norwegian and international research news, recently wrote about the e-Me research project and how they have tested out using combinations of sounds or images as passwords instead of numbers or characters.

A lot of todays web services that are supposed to be accessible to all, are because of safety too advanced. This is an issue that the e-Me project have looked into and tries to solve by creating a prototype and testing it on elderly to uncover advantages and disadvantages with the different methods both for people with disabilities and other people. The different methods are also ranked by the level of usability

Read the article here. (The article is unfortunately only in Norwegian. )

This is how it can look like when the test users log on using sounds. (Illustration: e-Me-prosjektet)

 

Rappid prototyping tool: Flowella

I was introduced to the prototyping tool Flowella on a meetup with IXDA Oslo for a couple of weeks ago, Flowella is a free prototyping tool created by Nokia, and I have decided to test it out in context of my master thesis. Usually at one point in the design process I create sketches in photoshop, but photoshop in it self does not support transactions and interaction.

What Flowella does is that it allows you to drag and drop image files into a library and put them together with easy image mapping, one good thing is that you can import all sorts of images, it doesn’t need to be high-fidelity photoshop sketches, it could for instance also be images of low-fidelity sketches drawn by hand if you want the focus of the testing to be mostly on the concept and content and not on details as font or color.

When you are finished putting together your sketches you can export the file to flash, WRT or QML and test the prototype on a phone that support one of these files.

I have still not created proper sketches that I can try out, but I have tested the functionality and can confirm that it at least is really easy to use. My interests are mostly design and interaction and since my coding skills are quite poor I need a tool for prototyping that do not require me to use to much time on coding and give me more time to focus on designing for a good user experience. So far Flowella looks like tool that will allow me to do this.

Source: http://www.allaboutsymbian.com

 

Master Thesis: an instrumental case study

I have now decided which case I will focus on in my Master thesis. This is a project where my main purpose is to provide knowledge about accessible authentication on touch phones. I will try to achieve this by study one individual case. The case in it self is not the main focus, but are used as an instrument to provide insight into the issue. This is thus an instrumental case study.

The case I will use in my thesis is Feide (Felles Elektronisk IDEntitet, eng. Common electronic Identity). Feide is a solution for secure identification to educational web services in Norway, chosen by the Ministry of Education and Research.

As OpenID, Feide is based on the idea of Single Sign On (SSO). The user should not have to register new user accounts on several different services, and should not have to remember many sets of user names and passwords.

Feide in practices:

• Users register once at a so called home organization where he or she is affiliated. For instance a university.

• The university saves the personal data and gives the user a log-in details.

• When the user wants to enter a service that require him/her to log-in with the Feide solution. The University checks the applied information with the saved personal data and sends the status back to Feide that reports to the service.

• The service gives the user authorization to access based on the received details from the University.

  • The user have to accept that the details are given to the service to be able to log-in.

  • On the log-in page the user can see what type of information that will be transferred if the authentication is successful.

This is what we call federated identity management which is based on the concept that services rely on user authentication at the user’s home organization.

In addition to this Feide also provides Single Log Out (SLO) of usability and security reasons, with this function you get feedback on what services you are logged into with Feide, and can chose to log out of only the one you are visiting or all of them(Feide.no).

Feide-mobile:

In this thesis my main focus is accessible authentication on touch devices. I will look especially on how the Feide technology could be used to access educational web resources om touch phones and the user group I will focus on is students.

Since the university is a public institution it is supposed to be available and accessible to everyone. This means among other things that students with disabilities should have the opportunity to take higher education similar to everyone else. And the university needs to facilitate their needs, in order for them to do so.

There are both challenges and advantages with having students as the user group in this case. Students are fast learners and open to new things, they are moving around a lot, going on lectures, labs, part-time work etc, not like a person sitting in the office all day. What is more important is that when they are on the run they uses their mobile phones a lot. Also most of the information that are published to students from their educational institution are only available online, which means that the students rely on internet connection to be able to follow an study program.

As I am a student my self it will be easy to get hold participants for my research, but it can be hard to generalize based on the information from this user group as the result can be affected by their relationship to me as a researcher and if the students are technology students they are probably more interested in and updated on technology than the general public.

“A student is sitting on the subway on his way to the university, he have an hour before lecture starts and want to check if there are any new messages on the course page, Fronter. Or anything he have forgotten about and need to do before the lecture starts. He want to use his mobile phone to access his profile on Fronter”

Feide have applied documentation on how one can enable Feide login to a mobile application, where the app should use a web page to handle the authentication dialogue with the login service (http://www.feide.no/feide-login-mobile-apps).

Step 1: The user opens the app, and presses the “Login” button.

Step 2: A browser window is opened and the user is immediately redirected to the Feide login page, where the user enters username and password.

Step 3: After a successful login, the user is sent back to the app, now as an authenticated user.

Feide is available on both Norwegian, English and Sámi but there are no configurations for accessibility, which is my approach.