Opinion

When usability affects business

Today's column is going to be unusual. There will be no business data quoted, only anecdotes aimed at illustrating how, in some cases, technology has grown to be a hurdle rather than a simplification. Let me start with a question for the readers: Have you ever had a bad tech day? One of those days when nothing seems to work: the WiFi connection is lost, internet banking is down, and the 25th OTP of the day is not reaching your phone. Those days when technology seems to have gone on strike against us.

I just had a few recently, mostly because I relocated and had many new services to activate. That gave me a picture of how intertwined and convoluted technology has become. Let me start with yesterday evening. I had an excellent meal at a Thai restaurant in my neighborhood. After I paid—effortlessly with Apple Pay and face recognition—I noticed a QR Code on the counter. It was the Google Reviews counter stand. I almost never leave reviews unless asked. But in this case, I decided to support the business by sharing a 5-star review. So, I opened the QR Code scanner, and that's when technology went on strike. No, not the scanner—that worked fine. Not even the internet connection. In a few seconds, I was already on the review page. Only when I clicked the 5th star did the problems start.

You see, to leave a review, I need to be logged in as a user, right? Here's the first objection I have, frankly. I'm just praising a business; why do I need to authenticate? I hear you. It's because otherwise, anyone could praise their own business all day by tapping 5 stars.

Or worse, a competitor could tap 1 star to damage the reputation. I get it. But I have just completed a transaction and paid with a digital card; my transaction is already authenticated. If only Apple Pay could share the transaction details with Google Reviews. But no, they don't communicate. Therefore, it opens up the paradoxical scenario where I could leave a review on Google without proving that I have ever dined at that establishment. It makes no business sense to me, but let's play along for a minute.

Google then asks me to choose which account I want to use to log in. Given the nature of my job, I keep multiple accounts. So, I pick a personal one, just for this one restaurant review. But Google tells me that my session has been terminated and I need to re-authenticate. 'It's okay,' I think. 'This will only take a few seconds thanks to face recognition.' But first, I'm asked to enter the password. So, I open my password manager and pick the password for that account. But that's not enough. Now Google wants to make sure it's really me who wants to give a 5-star review. Not paying for the meal, which I could settle in a few seconds with face recognition. Google now prompts me to authenticate further with 2-Factor Authentication (2FA).

And so, Google sends me a One-Time Password (OTP). Apparently, my 20-digit highly secure password that I entered through face recognition isn't enough. Now I need to use a 6-digit password sent via SMS to my Singapore number, which I don't have with me because I'm in the UAE using another SIM card. You can sense my frustration. So, I abandoned the review for the Thai restaurant, thus effectively damaging the business.

This was just the tip of the iceberg. Over the past few weeks, I had to download countless apps and create countless accounts for pretty much anything I bought. New WiFi Router? Download the app, create an account, store it in the password manager. New digital padlock for my door? Same: new app, new account. I understand that a new bank account and new insurance will need a new app and a new account, but, I kid you not, my new robot vacuum cleaner also asked for a new app and a new account. Some of these rabbit holes are so deep they are beyond my understanding. I bought a new television.

To get it to work, I needed to first log in to my WiFi, which I had just set up with a new username and password, then create a new account for the television manufacturer. Then, to watch YouTube, I needed to triple authenticate with a QR Code, password, and OTP, and to watch the TV of the service provider, I had—of course—to create an account and authenticate.

I consider myself tech-savvy and well-versed in cybersecurity matters, but I can't help but think that things are now worse than 10 years ago. Why so? Well, because there is no distinction between sensitive and trivial.

I can spend thousands of dollars in 5 seconds just by looking at my phone through face recognition. But I have to triple authenticate to praise a restaurant or to vacuum clean my floor. I hope that tech visionaries smarter than me are now envisioning a future where all this authentication need is balanced around the risks associated with a security breach. But most importantly, I'm concerned about the elderly. I'm sure that if my mother ever read this column, she would have no clue what I'm talking about.