I’m going to say the most hated word in the English language. Are you ready? “Password.” I know, your eyes have already glazed over, leaving you exhausted with a side of existential dread. Ugh, a password? I’m not still logged in? Wait, can I remember it? Was it stolen? Am I going to need to reset it?
“It’s kind of obvious, but security isn’t the reason any users signed up for our product,” says Jonathan Skelker, product manager in account security at Google. “They want to use our product, get the utility. But having an online account comes with security . . . and it’s a delicate area to work in. You need users to be on board with you.”
Managing passwords and account security is something that none of us really wants to think about, let alone hunt down when something goes wrong. And so today, Google is releasing a new design that will overtly warn you of security problems across all of your accounts. Kind of like the bat signal, it will only be used in the case of pretty big emergencies–like that you need to change your Google password because someone else has acquired it.
Previously, Google would have sent you an email or, for Android users, a push notification. The new design is a pulsing red circle, with a red alert badge, that appears around your Google account avatar like a bullseye. You might not realize it, but over the past two years, your avatar has made its way across Google services: in Gmail, Google Docs, Google Photos, and pretty much every Google app out there. And for the most part, you don’t notice your avatar. But when it’s pulsing red? You do. When you inevitably tap on your circled avatar, Google will usher you to a security page with more information on the attack, and instructions on how to update your account.
“When we know there is something happening that requires your attention, we want to make this very clear to get your attention immediately,” says Barak Rothschild Shapira, a product manager in identity at Google. “We use the patterns we have to create this critical sense of urgency . . . in a consistent way across products.” Crucially, the new design is not something phishers can spoof.
Building this relatively simple design was a lot harder than it may look, and it required Google to rethink how it approached security across the board, according to Guemmy Kim, Google’s head of account security. She has been at Google for 15 years, but she’s relatively new to security, having entered the account security space six years ago.
In her early days on the security team, Kim led the development of My Account, which launched in 2015. It’s hard to remember what it was like to manage a Google account before there was this single page to skim over your various ties to Google services, including the option to take a 2-minute security checkup.
“Security was traditionally led by engineers. We talked about attackers a lot, but there wasn’t a lot of focus on the users—how do they feel, [or ensuring they] understand things and get through moments of crises,” says Kim, who became the first product manager to lead Google’s security efforts. “Up until then there wasn’t an articulation of how important the user was in this equation.”
Indeed, Google’s first security alerts were emails, which the team admits were overloaded with highly specific technical data that made little to no sense to a user, included as many as six different links for users to click, and didn’t necessarily tell them what was most important to do next.
In 2015, Google began sending Android users push notifications for critical alerts. With sharper language and a single link to follow, the updates were remarkably effective. Four times the number of people engaged with these notifications over the emails. A third of people responded within 10 minutes. And 20 times more people responded in an hour, compared to email.
“We had to balance the tone of that alert versus when we think someone might be in your account. So we used the word ‘security alert,’ then added the word ‘critical’ alert when it’s more important,” says Skelker. “That was great—the next stage in the evolution of our alerts. But there was still a large population being left out at that point. That’s actually iOS users. We can’t send them native notifications.”
In 2016, the team added those “a new device has logged in to your account” notifications—again, to Android users. Then in 2017, they redesigned all email alerts, with a design that led to 10 times the engagement of the emails Google was using before.
“We took a lot of care to bring the human language to users and we’re talking to them like real people,” says Kim, who adds that Google extended these courtesies even to users who had their security troubles solved by Google by the time they see the alert. “Historically we’ve just been like, ‘see ya!’ Now there’s more of an effort to say, ‘Don’t worry, we took care of you—and you don’t need to do anything,’ or ‘You need to change your password.’”
Google’s bedside manner improved. The company learned to be assertive without being annoying. “That’s a great start, but email isn’t a great channel [to reach someone],” says Skelker. “Particularly for security alerts, we want you to respond quickly.”
What Google wanted was something as universal as email that could work across platforms, but something as quick and as jarring as a push notification it could send to its Android users.
Now, Google is introducing its biggest front-end security design update in three years, meant to solve all these problems. That’s the pulsing avatar alert I’ve dubbed the “bullseye.” And while it doesn’t look all that complex, there’s a lot of thought hidden in this design.
First, it solves the problem of universality. It can reach you at any Google service you visit, because of the company’s recently unified design, which features your avatar up top.
“This coherent presentation of your account allowed us to move forward,” says Liron Jacobi, the UX lead on the new security alert.
As Jacobi explains, the team had to define the risk threshold—that is, which situations warrant applying this alert to someone’s account. Should it be used for everything? Probably not, or you might just begin to ignore it. They opted for the most extreme circumstances only—most users should see this alert once in their lives, or never at all. What do those extreme circumstances entail, specifically? Google declines to clarify with finer details, citing reasons of security. But generally speaking, the alert would appear if your accounts were at high risk of being hacked (or in the process thereof).
The next question was, how big and bold do you make the alert itself to convey urgency?
“We could theoretically take over the entire screen and put something red and blinky across the entire screen,” says Jacobi. “But shouting louder is not necessarily the best approach working with users.”
Ultimately, the bullseye was inspired by what the security team saw going on inside Google Photos, which was using a similar badging effect on avatars. (Instagram takes a similar approach, adding a ring to avatars to signal that a user has new updates to their stories.)
The effect is that, when you open your email or docs, you will absolutely notice your own face blinking red back at you. You will be drawn to tap on it. And from there, you will be instructed what to do next. But this prominent avatar takeover is about more than getting your attention. It also protects you from phishing—from bad actors pretending to be Google to get your password via email or text—by design.
“It’s not spoofable,” explains Skelker, because your avatar is part of Google’s own user interface. “One of the biggest problems we have with security alerts . . . is the fact that whenever we create a new pattern, the first people who adopt it are attackers.”
Going forward, Google has no interest in making you think about your security any more than you do today. As Kim explains, Google already blocks the vast majority of attacks on your account, without you ever knowing, and that’s not going to change. However, there will always be times that you do have to think about that terrible word: password.