HTTPS Dashboard

Pulse

An amazing developer at 18F, Eric Mill, created a domain scanner tool that could assess if a gov domain was maintaining correct HTTPS cyphers and protocols.

A lot of users of government websites lack trust because of the number of fraud websites that are on the internet, claiming to be a government web service.

If Google chrome were to flag that “This site is not safe” this would have a great affect on how people trust a government website. Google was going to be making this a mandatory flag on July 2018.

Style

When we forked the repo, we had to make a few changes:

Create less cognitive load on a single page
Adjust the spacing elements, typography, and colours to be easier to read on small and low contrast screens
Be creative with the designs but also be in-line with Canada.ca’s tone and style
Use one chart per page as the focal point, rather than three on a page

UX and research

We decided to run some low-level guerrilla testing to see how managers understood the tool and where to navigate to in order to direct their IT teams to make decisions.

A modal that described each cypher and protocol in a modal on the dashboard, and connected each piece to the new ITPIN policy.
Add a organization name, use an accordion to list domains under each org
Make the search bar more explicit
Create a direct and active service title

Going forward

This tool was taken over by OCIO, the department who made the policy. It started as a side-of-desk initiative, and turned into something a department wanted to grow.

I am really happy with the relationship we created with their cyber security director. The added aspect of conducting user research was really appreciated and she understood the value of continuing this type of research as they iterated on the tool.

HTTPS Dashboard

Overview

Challenge

Role

Pulse

Style

UX and research

Smaller dashboard

Going forward