Talking Usability: Legacy Systems and Their Impact on Users

By David Dick | STC Fellow

Users generally do not care if a system is based on an old method, technology, or computer system. Users want reliable, dependable, and secure systems. Every year, IT managers meet to discuss how to replace legacy systems. As long as these systems adequately serve the organization and the budget does not allow for modernization, they are likely to remain unchanged. IT managers need to weigh the cost and risk of keeping legacy systems, such as end user support, training, documentation, and security.

Employees that provide end user support of legacy systems must be retained, because they are familiar with users’ frequently asked questions and know how to work around common problems. Unfortunately, whenever they are out of the office, their absence creates a backlog of help desk tickets that cannot be answered until they return, preventing users from performing their work. Another dilemma is that when these employees inevitably move on or retire, they take their knowledge with them. Service companies might be able to fill the gap, but ultimately they also struggle to find experts with the right skills.

Training for new users on a legacy system is often nonexistent, because the only people capable of providing the training are the same people that provide end user support. Even if there is a user guide or tutorial, users still prefer to call the help desk. Often, the help desk will perform the task because it’s easier than explaining to a user how to do it.  IT managers need to be aware that a lack of training is creating additional work for the help desk.

Documentation on the design of legacy systems might exist, but it likely hasn’t been updated. Documentation is always needed whenever new system administrators, stakeholders, and IT managers want to know how the system processes data, generates reports, connects to the network, and interfaces with other systems. IT managers can create the unrealistic expectation that system administrators and staff maintain documentation, but neither of these groups have the time for such a daunting task.

If a legacy system is created on a platform that a vendor no longer supports, a third party vendor must be contracted to support it. However, operating systems without security patches are prone to hacking, viruses, and other malicious attacks. If it’s not possible to update security patches, the only option to protect the system is isolating it from the rest of the enterprise, which might not be practical if it interfaces with other systems. The value that system security auditors provide is conducting network scans to identify system vulnerabilities and bringing them to the attention of system owners.

All things considered, legacy systems provide critical services to organizations, and replacing them isn’t easy. That’s why IT managers need to be aware of the people who ensure those systems are up and running, and the impact those systems have on users.

Talking Usability: Don’t Trade Security for Usability on Your Smartphone

By David Dick | STC Fellow

The convenience of mobility and an infinite number of mobile applications has changed the way we use a smartphone. Consequently, we store a lot of personal information on a smartphone such as email addresses, passwords, travel information, driver’s licenses, personal identification numbers, boarding passes, credit card numbers, bank account numbers, telephone numbers, and photographs. Would you want someone to break into your smartphone and retrieve the data for nefarious use? Obviously not, but nevertheless, few of us take the same precautions to protect our smartphone that we do for our laptop or desktop because we do not want to complicate its use.

You probably have a password set on your laptop and run virus protection software. You might protect documents with a password, which isn’t foolish or impractical given how easy it is to break into a computer.  Unfortunately, many of us do not want to enter a password every time we use our smartphone because it’s an inconvenience. Likewise, we do not want to re-enter a user ID and password every time we access a mobile application, so we allow applications to remember our user ID and password. In so doing, we trade security for usability by making it easier for someone to access our data if we lose our smartphone.

Smartphones are easily stolen. You could be waiting for a bus or taxi while reading email, or walking with your smartphone in your hand (which everyone does) and a thief grabs it and runs. Smartphones have a feature that causes them to turn off after several minutes of inactivity, thereby requiring a password to re-open it. Unfortunately, most people turn off the feature because it makes the smartphone inconvenient to use.

We trade security for usability when we use public WiFi networks. Most WiFi networks cost nothing, such as those available at hotels, libraries, restaurants, and coffee shops. Other WiFi networks require a small fee to connect. A WiFi network offers the advantage of reducing the use of our smartphone’s data plan. But did you know that it’s possible for someone to run a network detection application from a smartphone and scan the users logged into the WiFi to view their activity? The solution is simple: use your data plan instead of a public WiFi network.

It’s easy to forget our smartphone on a bus, at a restaurant, bar, office, or coffee shop—it happens all the time. All smartphones have a feature that locks the device after three unsuccessful attempts to enter a password. However, if you do not require a password to access the smartphone, the feature won’t work.

The smartphone’s operating system and web applications receive periodic updates that fix bugs and security vulnerabilities. Many users ignore installing the updates because they don’t know that by not updating, they’re leaving the smartphone open to viruses, malware, and hacking. However, installing the fixes and security patches is as simple as tapping the “update” button.

We err in judgement when we trade security for usability, which I refer to as ‘convenience of use.’ When it comes to protecting mobile devices and the data they contain, there’s no compromise for security.

Design and Testing Sessions to Give You the Edge

By Michael Opsteegh | Design & Testing Track Manager

As you plan your STC Summit schedule, I highly encourage you to check out the variety of sessions offered in the design and testing track. These sessions were hand-picked from many excellent proposals for the Summit, and they were selected specifically to help you “Gain the Edge to Get Results.” The design and testing track offers sessions that target new technical communicators, as well as sessions intended to advance seasoned professionals. Here’s a sample of sessions that are on my must-see list:

  • Walk in Your Customer’s Shoes—Learn the Art of Journey Mapping. Journey maps help us clarify the needs of users, identify their pain points, create targeted content, and advocate for interface improvements. This interactive session will teach you how to create journey maps—either with your product team or on your own. You will also learn how to apply the journey map process to targeted content. Read more.
  • Gamification of Instructional Design. This session focuses on the role of “play” in online learning by exploring design-thinking methods and tools that you can use to engage your learning communities in “play.” Participants will be able to experiment with these methods and tools, and actualize “play” using Learning Battle Cards—a deck of playing cards designed to inspire and facilitate a variety of instructional design and development methods. Read more.
  • Prototypes of Use: Adapting Content to the Usability Expectations of Different Contexts. This session discusses how the cognitive psychology concept of prototypes can be used as a method to understand expectations of usability in different contexts and adapt content to user needs across a range of settings. In so doing, the presenter will walk attendees through applications of this approach in different settings. Read more.

You can find the complete list of sessions and start building your schedule by going to https://summit.stc.org/schedule.

See you in DC!

Selecting the Best Technology to Support Your Content Reuse Strategy

Content Reuse Strategy

Selecting a new technology isn’t easy.

It can be overwhelming to figure out what type of technology solution your company needs, which often leads to inaction. Companies today realize that they need to take advantage of content reuse in order to save time, save money, and generate higher-quality documentation.  A successful content reuse implementation requires a well-planned, well-thought-out content reuse strategy and technology that effectively supports this strategy. Often, technical communicators must lead this effort because they are working with the content, tools, and writing teams who are critical to the success of any content reuse and management efforts.

There is no universal, one-size-fits-all content reuse solution.  There are countless vendor products, each differing in features, functionality, price, and complexity.  With all these possibilities, it’s easy to get lost.

This article is intended to help writing teams and company decision makers identify and prioritize needs in a practical way. Then, apply what you have learned about your current state and goals to figure out which technology solutions excel in the capabilities that are most important to you. At the end of this article I have provided a few examples and definitions of capabilities content reuse and management solutions have – Please contact me directly for the complete list as a useful reference and I’ll be happy to share it with you.

What is Content Reuse and Why Should you Care?

Before we continue, let’s all get on the same page about what content reuse means. To put it in simple terms – Write once. Approve once. Use everywhere. This is the goal and this is what your company needs. Why? Because content costs money to create and maintain, it takes a lot of time to create and maintain, and the quality of the content (especially customer-facing content) has a direct impact on revenue and reputation. Whether your company is creating technical documentation, sales proposals, SOWs, or quality standards, content is critical to making money. Content reuse is critical for saving money.

Let’s talk Technology…Where do you Start?

First you need a plan. Don’t worry, you already know the answers to the questions I’m about to ask. You just need to think about them in the context of content reuse. Out of your company’s responses to these questions, a content reuse strategy will evolve:

  • What content will be reused? (Map out your content. What should be the same but currently isn’t?)
  • Where will it be reused? (Identify company departments who need to share content, document types, etc.)
  • Who will need to reuse it? (Identify roles and responsibilities who need access to content. Content reuse isn’t just for technical writers anymore.)
  • How is it going to be reused? (How are your documents created? How else is your content distributed?)

Content mapping is the easiest way to visualize where content crossover exists within your company. Take a handful of representative documents or content outputs and analyze how they relate or how they should relate.

General Unsolicited Advice

There are a few things that are important to consider before you dive into specific features and technical capabilities. In the technical communication industry, we’re inundated with information about XML and related technologies. It’s important to understand that XML does not equal content reuse nor is it required for reuse. There are many tools that use XML-structured content as the basis for content reuse solutions and they can be very powerful. For some, this type of solution is ideal and allows them to achieve new content distribution goals. For others, XML-based solutions are far too expensive, inaccessible to certain types of writers, and just too “big” of a solution. Keep this in mind as you are reviewing capabilities of solutions but also when considering what implementation really means for your company.

When choosing a content reuse solution, you’ll need to understand your budget and desired implementation timelines. As you begin to evaluate solutions, you should be equipped with this information so that you can have open discussions with vendors about it. They will be able to tell you in a very real way what you can expect as far as training requirements, ease-of-use, and overall cost of entry. That all needs to fit in with your needs.

Also, be sure you understand any technology constraints that your company may have. For example, if your company uses only Microsoft products, you need to find solutions that fit in with that. If you already have an in-house tool, be sure that other tools you evaluate do not conflict and that you’ll be able to meet any IT requirements you’ll need to adhere to.

The most important thing you need to keep in mind is that you want to set your team and company up for success. Invest the time in collecting the necessary information as well as training. Use your technology vendor’s expertise and let them provide you with their proven path toward success. They know best and want you to succeed.

Prioritizing Technical Capabilities

Before you begin evaluating technology solutions, it’s important to determine which capabilities are most important to you. I have compiled a list of capabilities, descriptions, and considerations found in content reuse technologies. You can use this list to prioritize what you are looking for in a solution – which capabilities are must haves, nice-to-haves, and not necessary for your team.

Here is just a small sampling of the capabilities you will consider when selecting content reuse technology. For a complete list, please contact me directly (lisap@36software.com) and I’ll be happy to provide you with this practical guide to content reuse capabilities.

Capability Description Considerations
Component Reuse The ability to reuse a chunk of content across documentation. Other common terms for “component” include snippet, chunk, topic, etc.
  • This is a fundamental capability that any reuse solution should have.
  • Components can be text, formatted content, graphics, tables, or other media.
  • Reusable components should be stored in a centralized library that supports versioning.
Metadata and Taxonomy The ability to classify your reusable components so you can easily find and reuse them later on.
  • This is a fundamental capability that any reuse solution should have.
  • Metadata is stored with your reusable components so you can search for them later.
  • Taxonomy provides a logical classification (think folder structure) for your component library.
  • Ensure your solution’s metadata and taxonomy capabilities are easily configurable so you can customize them to meet your needs.
Where Used The ability to track where, when, and who reused content.
  • This is an important capability if you will be reusing content in living documentation.
  • Facilitates impact assessment and content updates by showing you what documentation is using a reusable component.
Document Assembly The ability to easily assemble new documents from existing content.
  • This is an important capability if you will be using reusable content to generate repetitive documentation.
  • The solution automatically finds relevant content based on the context of the documentation the user is generating. (example: a sales associate answers a series of questions and the solution auto-generates a draft of a sales proposal using reusable components)

For the complete list, please contact Lisa Pietrangeli at lisap@36software.com

I look forward to hearing from you and sharing more information. Remember: your company’s needs may seem completely unique but there are certainly others facing the same challenges. The good part about that truth is that there is someone out there who has developed a solution that is right for you. Good luck in your search!

About the Author

Lisa Pietrangeli is a managing partner and executive director at 36Software. At 36, Lisa specializes in working with clients to develop customized content development strategies. Lisa brings over 14 years of experience to 36Software, having worked extensively with companies around the world, helping them to streamline their content development and localization processes. Before joining 36Software, Lisa was director of global client solutions at Language Intelligence, where she worked with clients to develop internationalization strategies for all stages of the content development process, from authoring through to translation. Her extensive experience has included everything from project management, resource selection and management, to business development, localization consulting and managing client relationships. Her experience, combined with her analytical skills, make Lisa an ideal partner with whom to evaluate content development and localization processes, develop proof of concept, and tailor solutions for organizations of all types and sizes.

Lisa Pietrangeli
Managing Partner
Executive Director of Operations and Business Development
36Software
lisap@36Software.com

SmartDocs remains the global leader in MS Word Content Management. Learn more at 36Software.com.

 

Talking Usability: There’s No Such Thing as a User-Friendly Password

By David Dick, Fellow

Passwords are required for all types of online activity to authenticate the user.  One thing is certain: until technology provides a better solution to passwords, we must learn to create strong passwords and remember them in order to safeguard our personal data from hackers.

There are ways to circumvent the effort to remember passwords by checking the box labeled “Remember Me.”  “Remember Me” works well for mobile devices because the keys on the keyboard are often too small to enter a complex password.  Just remember to create a security code in case the mobile phone is stolen to prevent thieves from accessing the data. Come to think of it—many people do not use security codes for their mobile devices because it’s another number to remember.

Although there is an international standard for the definition of product usability (ISO 9241) there is no corresponding standard definition for password usability. In “Users are not the enemy,” Adams and Sasse identify three usability characteristics that users desire of passwords: easy to remember, able to be used across multiple systems, and rarely change.  You will learn why these desired characteristics do not contribute to creating and managing strong passwords.

If you have ever forgotten a password and created a new one, you have seen these four guidelines:

  1. Use at least eight characters; a combination of numbers and letters is best.
  2. Do not use the same password you have used with us previously.
  3. Do not use dictionary words, your name, e-mail address, mobile phone number or other personal information that can be easily obtained.
  4. Do not use the same password for multiple online accounts.

If you are like me—you ignored the guidelines and created an easy to remember password. But do you know why these guidelines are important and why you need to adhere to them?

Use at least eight characters; a combination of numbers and letters is best. Most fields for passwords are not a fixed eight-character length. Nevertheless, we create eight character passwords because they are easier to remember. Unfortunately, the eight-character password is less secure than a password containing 16 or 24 alpha numeric characters with dashes and special characters.  The password “love1234” is less strong, but easy to remember.  A password that uses letters from a phrase such as “I’ll see you at the STC Summit, May 2017” written as “ilL-cu-@-stc-SumiT-05/2017” is not only easy to remember but also a strong password.

Do not use the same password you have used with us previously. If the website was successfully hacked before, there is a strong probability that the hackers will use the same passwords to hack the website again. Thankfully, most websites prevent users from reusing a password when requesting a new password. If you successfully circumvented the validation of the password by adding a number at the end of the password, the next guideline becomes important.

Do not use dictionary words, your name, e-mail address, mobile phone number or other personal information can be easily obtained. One of the methods hackers use to gain access to users’ data is to use a “Dictionary Attack”, which is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by trying hundreds or sometimes millions of likely possibilities, such as words in a dictionary.  Ironically, many websites allow users to use names, e-mail address, mobile phone numbers, and other personal information for User Names.  If developers implement a method to measure the strength of a password, allow users to select a system-generated password, and define rules to check for dictionary words, e-mail addresses, or phone numbers, then the password is one step closer to being “hacker proof”.

Do not use the same password for multiple online accounts. We are likely to use the same password because we don’t want to burden ourselves with remembering too many passwords.  Hackers attack multiple online accounts reusing user credentials (user name and password) in hopes of getting a match.  If we use the same password for multiple online accounts we help the hackers and put ourselves at risk of having our data stolen.  Even worse, our account could be held for ransom until we pay a fee to release it.

Online retailers make the registration process simple by allowing easy-to-remember passwords and security questions so as not to frustrate users; however, ease of recall comes at a risk.  Strong passwords can slow or often defeat the various attack methods of compromising a computer’s security. Until technology provides a better substitute for passwords, the need for strong passwords is not going away and neither is the pursuit for user-friendly passwords. Maybe an amendment to ISO 9241 is necessary to create a standard definition for password usability.

References

Griffith, Eric. Password Protection: How to Create Strong Passwords, PC Magazine, November 29, 2011

Adams, and M. A. Sasse, “Users are not the enemy,” Communications of the ACM, vol. 42, no. 12 (December 1999), pp 40-46. http://dx.doi.org/10.1145/322796.322806.