Friday, Mar 11, 2005
Okay, aside from the larger problems of having to have passwords at all, the need for multiple passwords to prevent your global security being lowered to the scruples/security of your weakest content provider, frequency attacks, and all the rest, my biggest peeve is entirely the site owner's fault, and is so easily fixed.
The following scenario happens to me at least twice a month:
Leaving aside the dumbfounded wonder of why my newspaper identification account has to be so secure as to necessitate password-acceptability constraints (Oh no! Someone is reading the news while pretending to be me!!), I ask you: how hard would it be to help out the user by reminding them of the idiosyncratic password constraints of your site after they enter the wrong password the first time? ("Your password was incorrect. Remember, SJ Merc passwords are at least 6 characters, one of which may not be a letter.")
For one of the most common design patterns on the web, it's amazing this one is usually so poorly implemented and non-standardized.
If you like it, please share it.
Hi, I'm Kevin Fox.
I also have a resume.
I'm co-founder in
The Imp is a computer and wi-fi connection smaller and cheaper than a memory card.
We're also hiring.
©2012 Kevin Fox