How we worked with the Information Security team on their Multifactor Authentication help pages
Earlier this year, we worked with the Information Security team to improve their help pages for the rollout of Multifactor Authentication (MFA) across the University. These help pages are important, because potentially thousands of staff will be using them as they enable MFA on their University Office365 accounts.
What is Multifactor Authentication?
When you log in to an online account, you typically have to enter your username and password. Multifactor Authentication is an extra layer of security that can be added to this login process. For example, after your password has been accepted, you might then have to enter a code that’s been sent to your phone. Or you might have to tap “Yes, it’s me” on an authentication app that you have on your phone.
The content design process
The Information Security team had written up some draft webpages to help staff enable MFA on their University accounts. They got in touch with us to get some content design advice on these pages ahead of publication. Because timescales were tight, we recommended some quick testing with their target audience to get a steer on whether the content made sense. They were able to recruit participants for this via the Human Centred Network, and the testing was carried out remotely.
Rather than edit the MFA content directly, I ran a small group writing session with colleagues from the Information Security team. They could bring in expertise in the subject matter while I advised on best practice in content design. The advantage of this approach versus a straight edit was that it enabled the Information Security team to learn a bit about content design and understand the reasoning behind some of the changes I was making. This way, they could apply this knowledge for future iterations of the content.
We suggested the following tips to improve the readability of the content:
- reduce the amount of text that people have to read
- break the content into chunks
- add subheadings
Short, chunked text makes fewer demands on a reader’s working memory, and this makes the text easier for people to understand.
Subheadings make it easier for people to scan a page of text when they are looking for a specific piece of information.
For more information about improving readability, see our Editorial Style Guide, our training course Effective Digital Content, and some webpages we link to from that course.
Finding alternatives to tables
One piece of content in the prototype site was a 5-column table outlining the features of different authentication methods.
Tables with multiple columns don’t display well on small screens. The content of a table can also be hard to make sense of when you hear it read out by a screen reader. So where possible, it’s good to consider alternatives.
We were able to restructure the content so that a table wasn’t necessary. In the restructured content, the same information is presented as subheadings and paragraph text. This solves the display problem, and makes the text more accessible.
Finding alternatives to flowcharts
Another piece of content we suggested changing was a flowchart to help people decide which authentication method is right for them.
The flowchart had a similar problem to the table. It didn’t display well on small screens, and it wasn’t accessible.
We were able to support the team to rewrite the flowchart as text. This could then be presented alongside the flowchart, which helps ensure that everyone can access the content.
The Information Security team carried out usability testing on their content. This involves recruiting representative users of your website and setting them tasks to complete. Then you observe how easy it is for users to complete those tasks.
We’re keen on this approach to improving your web content because it is the best way to ensure the content being created is appropriate for the people it is intended for.
It was great to be involved in some of the content design for this project to help ensure the content was appropriate for the people it was intended for. For future projects, we would love to be involved at an earlier stage so we can help embed a user-centred approach proactively instead of reactively. Speaking personally, I really enjoyed getting to grips with some of the complexities of MFA and the challenge of explaining this in simple terms to users.
Given the time constraints we had with this project, I thought about what we might have aspired to with more time. It seems clear that a simple explanation of a complex process is a good thing. But the best thing is for the process itself to be simple.
Here’s how the Government Digital Service put it:
Making something look simple is easy. Making something simple to use is much harder – especially when the underlying systems are complex – but that’s what we should be doing.
Universities have lots of systems and processes that are complex, and clearly written guidance can help us find our way through the weeds. But we shouldn’t lose sight of the promised land: processes that are simple in themselves. It’s not the snappiest rallying cry, but I think it’s something we should be aiming for.