The balance between too hard and too easy

photo by
photo by

Like you, I have lots of accounts for applications. And I usually remember the passwords (ok, maybe not always). To avoid this problem, I use two factor authentication whenever possible. Two factor authentication is the use of an external token (at one time the dreaded RSA token, now an app running on a device you control that’s usually in physical proximity to you).

Too easy, or too hard?

Two factor authentication is an excellent example of a “needs to be easy enough to use, but hard enough to provide protection” problem. If you make it too hard, no one will use it. If it’s too easy to subvert, it’s also easy to hack. This is quite similar to the balance you need to strike when asking someone to use any new feature in an application.

Trust is the core of using a new feature – why do you believe that it’s ok to use and what’s the potential harm of getting this wrong? In 2-factor auth, the penalty for getting the problem wrong is pretty steep. In a typical feature the danger might be quite low. In both cases you need to tell the consumer what’s going to happen, give them a means to know and validate what’s happening, and deliver a clear benefit that will drive them to complete the task.

The Nuts and Bolts of the Process

What does this look like in practice? Take two factor authentication as implemented by Twitter. The process is pretty simple: register a phone, validate a code sent to that phone, and use that mechanism to validate with a six digit code any time access is requested on that account by an unknown source. Not bad, but not a true 2-factor implementation either – that would require an external program like Google Authenticator and a code that changes every 30 seconds seeded by a program running on a remote device.

Great. So now how do you manage the strange UI of switching applications, copying an “exploding code” back to the application that needs it, and making sure that the consumer can do the simple task of logging in? Login is a constant problem even without adding these layers. Twitter probably chose the simpler approach because it’s relatively simple. I say relatively simple because explaining authentication methods is never simple to everyone.

Product Design Takeaways

The takeaway for product design is that every feature needs to be simple to explain and have a clear benefit to the consumer. The guts of the implementation might be super complex, and if you can’t say it simply, the consumer will go away. Make it hard enough and easy for the customer: hard enough to provide the value the feature promises and easy enough that the consumer sticks around.

You need a better content calendar

We have a content publishing problem

photo by
photo by

Hey you there. ┬áThe one with the combination of WordPress, Hootsuite, Tweetdeck, Twitter, Buffer, Facebook, Pinterest, Google+, Slideshare, Excel, Word, and a Google Docs mishmash of information ending in Google Analytics, Mixpanel, Apptentive and others. You and I have the same problem. We want to be better at what we love – publishing valuable content for audiences that appreciate it – and we want to measure it. We also want to know which content published by which person at which time was effective. And we need to do this without the compendium of technical knowledge and project management skill that it takes today to get this done.

Consider this exchange and you’ll get the idea of why this is difficult.

a conversation among community manager types on Facebook
a conversation among community manager types on Facebook

There has to be a better way

You need a better content calendar (and so do I.) You’d like to have the ability to make a campaign, syndicate information to multiple channels and to track analytics in the same place. You need to schedule this content for days or weeks or months in advance. You’ll need to do this for multiple authors and also have a big red STOP button to make this information cease when bad things happen in the world.

I send apologies in advance to those people think that content calendars and scheduled publishing is bad. I think that it’s better to publish live than schedule, and I also feel that it’s better to set ideas in advance and follow through on those ideas when you are trying to drive sustained, measurable success. So perhaps these two goals are at odds, and perhaps not. In the meanwhile, we all need a better content calendar than just dumping everything in a Google Spreadsheet.

There are good signs – when I asked this question on Twitter – I heard from Meshfire, Relaborate and Brightpod. I also asked a group of about 5400 community manager types and got some great answers. And I also got the feeling that there are few people out there who are managing the publishing of multiple content authors in multiple channels in multiple campaigns having a simple workflow for approval with the precision and information that they are using to manage their email marketing campaigns.

What does this mean overall? Two words: Market Opportunity. Someone needs to build a content calendar and management service for normal people that is as easy as managing your blog posts in WordPress. That service needs to handle scheduling, analytics, and content funnel management for multiple people and campaigns across multiple channels. If this service already exists, I’d love to know about it so that I can use it.

Create a free website or blog at

Up ↑

%d bloggers like this: