stars and garters


One of my pet peeves is the little stars in password fields. As you all know, I am typing-challenged. I can’t tell you how often I make password mistakes, with no way to catch them since I can’t see the damn things. It has always struck me as engineering paranoia turned into a usability issue.

Password Usability & Typability is working on a solution…

He also offers excellent advice on password rules.

5 Comments

  1. Eric Scheid

    For web stuff I use the same throwaway password every time, and have it coded to a keyboard shortcut. For more secure stuff I use another password (with keyboard shortcut) with one or two digits at either the front or the end.

    The keyboard shortcuts mean I never make a typo 🙂

    For especially secret passwords I have something else entirely.

  2. Jared Spool

    I like how they brought you in to settle the argument. Real Solomon-like. 🙂

    Security (in general, passwords in specific) is about being unusable and inaccessible. Sometimes, we forget that usability is about including everyone in our target audience and security is about excluding almost everyone in the same audience.

    The idea of a ‘I’m Truly Alone’ toggle that allows me to see my password is interesting. However, it requires the user to always be aware of when they are being observed. The clever villain can bypass that awareness.

    How many times have you been startled because someone snuck up behind you (or even within your peripheral vision) while you were intently working at a machine? When someone is concentrating (à la Flow), they might not realize that they are no longer alone.

    Apparently, here in New England, a ring of thieves successfully stole hundreds of phone credit card numbers by setting up a discreet video camera in the ceiling above a public phone bank. All of those people thought *they* were alone.

    I’m always amused by the systems that have me type my password in encoded, then send it to me in plain text in the confirmation e-mail.

    The trick (which I don’t know how to do) is to come up with something secure that is also usable. I’m not sure that’s possible.

    Maybe biometrics??… I wonder when we’ll hear about the severe ocular damage caused by repeated retina scans??…

  3. Zen Haiku

    Password Previewing Tool version 2.0

    I’ve decided I may futz forever on the new and improved password previewing tool, so I’m releasing it for feedback. New features: Checks for hard to type letter combinations like
