At any given moment, Bart Simpson could be able to answer all the asked questions to impersonate his father and purchase online an expensive Tommy & Daly relic.
As for the IP, in the company I work for we are hundreds, and we all share the same IP, or a few IPs. It's at home that we share a public IP number among a few users.

On the other hand, secure passwords are made of not only the 26 lowercase letters of the alphabet but also the 26 uppercase letters and the 10 digits, and the keyboard shifting needed to change case. This shifting makes work difficult for anyone who's looking over your shoulder while you type. I get good security marks for passwords like "ILikeThisOneSince2008".

As for the original request, displaying the rules is a must. I'd show a bulleted list and would change to light gray the rules already complied with. The wording of these texts has to be done with extreme care to make them illustrative but not lengthy; prefer synthesis over completeness.

As for the 2 out of 3, I'd slap an "ACCEPTED" banner when appropriate. Also, I'd show several examples of compliant passwords to stimulate the shy users.

--
Juan Lanus

On Fri, Oct 24, 2008 at 2:31 PM, J. Scot Angus <[EMAIL PROTECTED]> wrote:

> I rather like the reminder question and answer that users write themselves as a first measure after the first failed login attempt... I also like, in the event of a subsequent failure, the "we'll email you a link to reset your password" approach, which, combined with IP logging and the series of identity verification questions (e.g., mother's maiden name, street lived on when born, etc.) works well without compromising too much. Correct answers to even more verification questions could allow the user to specify a new email address (but not preclude a warning/notice message to the old address, of course) in the event they no longer have access to the email account used when they set up an account on your system.
>
> I don't like using phone numbers and such for verification questions (well, for anything other than banking and the like) because it's dependent upon keeping the account up to date (and you generally do keep these up to date).. otherwise you have to remember what phone number you used (did I use my work number, and if so which one -- I have three.) Same goes for street address and the like. Your favorite color can change over time. The name of your first pet, or street your parents lived on when you were born won't.
>
> .02
>
> On Oct 24, 2008, at 6:20 AM, Jeff Garbers wrote:
>
> On Oct 24, 2008, at 8:36 AM, JimH wrote:
>
>> .. I find it so irritating when sites don't tell the rules (and they're all different) until after your first or second attempt violates them!
>
> I'd like to add an appeal for password requirements to appear after a failed logon attempt, not just when changing or entering a new password. Letting users know those requirements may help them remember a forced variation on a password they usually use. Not that I'd ever use the same password on more than one system, of course, but I hear that *some people* do that...!
> ________________________________________________________________
> Welcome to the Interaction Design Association (IxDA)!
> To post to this list ....... [EMAIL PROTECTED]
> Unsubscribe ................ http://www.ixda.org/unsubscribe
> List Guidelines ............ http://www.ixda.org/guidelines
> List Help .................. http://www.ixda.org/help
