> I'm looking at a similar issue. I found this on passwords, but haven't
> looked in depth yet.
> 
> http://www.humanfactors.com/downloads/jun04.asp

One of my questions right now is whether or not to enforce the password
complexity rule. Is it enough to inform the user that their password is
weak, and let them go about their business if they so desire? Or do we
force them to have a "strong" password that they may forget later?
Security at the expense of usability, or usability at the expense of
security?
 
The article you linked proposes some good tips for users for creating
passwords, but it doesn't help inform design much. I guess we could
share tips about how to make a secure-but-easily-memorable password in a
little help section, but I expect most people are so focused during a
registration process that they wouldn't bother reading it. The
passphrase technique is fabulous, but it's hard to explain that in a
sentence, plus most people have a set of predefined passwords that they
use on sites anyway.

Personally I hate it when I'm forced to include at minimum 8 characters,
one uppercase character, one lowercase character, a symbol, etc. My
worry is that if we enforce this (as the project charter currently
specifies!) that people will choose crazy passwords, forget them, and
have to make numerous password retrieval requests, thereby degrading
their experience on the site.

Or perhaps it's not as big a deal as I'm anticipating? I'd love input.

Meredith