I’ve actually taken part in a few usability studies — as a participant, rather than a researcher — and what struck me looking back is how the tests focused on finding out whether users could easily do what the researchers wanted them to do. Basically, the researchers would make a list of the things they wanted a user to accomplish — making a booking, finding a contact form, performing a search — and would then test how easy it was for the participants in the test to perform those actions.

This is completely wrong.

What those researchers should have been doing is asking test participants what they wanted to do: usability tests should be framed in terms of “what do you want to do here”, not “how easily can you do what we want you to do here”. This makes tests much more open ended, but in the businesses in the real world don’t decide how people use their websites, and that sort of decision shouldn’t be made in usability tests either. Let the users decide; let the design follow.

I suspect that most people who love web standards and usability are probably geeks at heart: we like nice clean systems and we love it when things fit together in a clean, coherent whole. We don’t like mess, we don’t like complexity.

This is also a good thing.

Trouble is, we forget why we do this stuff. We forget that usability is about, you know, making things easier to use, and make it instead about following rules, evangelising, doing the “right thing”. We criticise websites which don’t properly use web standards without remembering why those standards are important — this isn’t a competition to see who can best conform to the HTML specs; it’s a chance to make sites which work better for normal people.

Yes, normal people. Because we’re not normal. In comparison to the majority of people who operate online, we are different, because we understand how the system works! If you’ve every watched your mother, or grandmother, use the web, you’ll know what I mean.

These — your mother, your grandmother, the non-techies — are the people who web standards, usability, and all those other disciplines are made to help. The most important thing is this: when used well, these disciplines should not be apparent to website users. Those users don’t care how good websites are implemented; they just care that they’re good.

Take a look at the progress of other technology: Apple’s iPhone is easy to use, intuitive, simple. Do normal users care that it’s running HTML5 with offline storage? Do they care that its browser is one of the most forward-thinking when it comes to web standards? Do they care that it uses a custom operating system? Of course not. These things are all great, but they’re great because they help make the iPhone easier to use.

When you get down to it, what is the web? It’s a way for humans to communicate. Whether you’re buying a book, booking a holiday, subscribing to a mailing list, or developing an application, the web should be made for human beings — it was created to help human communication and (unless we’re going to get all sci-fi) that’s what it will always be for.

Next time you’re knocking some poor young HTML student for using <b> instead of <strong>, or droning on about usability like everyone should give a damn, take some time to put things in perspective. Our primary aim on the web should be to help other humans; everything else is a waste of time.

I’ve been wanting for a while to get Derek Powazek’s Depo-Skinny theme (which I love, and have modified quite a bit) to show excerpts instead of full posts on the home page. This was inspired by John Nunemaker’s railstips.org, which does a nice job of showing an overview of posts on the home page.

I’ve always thought that full posts on my home page is too much, because I tend to write a lot (long, boring, geeky stuff mainly — that’s boring unless you’re a Ruby or Rails developer!). Up to now, I’ve been avoiding digging into Depo-Skinny’s PHP code because, well, I don’t like PHP :)

This morning though I jumped in and spent some time writing excerpts for recent blog posts, and fixing the theme to show them on the home page (I used WordPress’s the_excerpt()). I think this is a big improvement: you can scan the home page and easily see what I’ve been writing about recently.

I’ve also replaced the old header photo with a Wordle, which is another idea I’ve stolen from elsewhere :) This time, it’s from wordpressfoundation.org which, by the way, uses a new theme called “2010″. Looks nice.

So, a little bit of redesign work and I’m much happier! Check out my home page — what do you think?

Developers, geeks, and the security conscious think like this:

I need to protect this website/application so criminals don’t steal my personal details, bank account number, or email address. I should choose something secure: preferably a random collection of letters, numbers, and symbols. Plenty of websites store passwords as plain text, too, so I should pick a password that’s unique. I won’t be able to remember it, but my browser/keychain can handle that and the website/application will be much more secure.

Ordinary users think of passwords like this:

I have to type something into this box to make the website work. I’ll type “12345″: that’s easy to remember.

This is a problem.

Most ordinary users are aware of security as a vague, secondary concern: “someone might take my credit card details” or “emails can contain bad stuff”. Most ordinary users do not see passwords as a key part of security, and even if they do, they don’t really understand the implications of choosing a bad one.

To ordinary users, a password is not a security feature: it’s a hurdle to be jumped before they can do what they want to do.

How do we combat this? I don’t know. The tough option would be to check password strength and force users to choose a strong password. In the same way that websites validate email addresses on signup forms, they could validate passwords too.

Imagine if, in HTML5, you could do this:

Where “secure” is some attribute that requires the browser to validate the strength of the password” (alert message “The password you chose is too weak: please pick another”).

I don’t know how well-recieved this would be by users. At the moment, there is a slight attempt to encourage users to understand the importance of strong passwords, but this is second- or third-hand information to most users, at best.

As developers, we have a responsibility to help users understand the importance of passwords. I do it all the time, but I’ve come to think that a simple password field (with no validations) isn’t enough. Something needs to change.

There’s usually nobody looking over your shoulder when you log in to a website. It’s just you, sitting all alone in your office, suffering reduced usability to protect against a non-issue.

The spots, stars, or dots you get when you type in a browser password field are, I think, designed to give the illusion of security — I can’t see what I’ve typed, therefore it’s well-hidden. Wrong. As JN says, the real usability costs outweigh any perceived benefits.

Browsers should show text in password fields by default, and provide an option to turn on password masking for public computers.