Alan Cox > > Does anyone have any evidence, anecdotal or formal, > about how different password strength requirements > impact the usability of a web-based application? <snip> > > Our security purists here want "really strong" passwords <snip>
At its heart, a request for a password is just another question on the form. Your users' willingness to tangle with the question will depend on: 1. Who "you" are - how much they trust you, what the organisation is offering etc 2. What users want to do - its importance to them, whether they can choose to go elsewhere etc If you look back at the previous thread, you'll see a protest that the password process for a bank site was too easy - that's typical. It's also typical for users to treat password processes with annoyance, contempt, and bailouts if they think that they are inappropriate in the context of who is asking for a password and what they want to do. There isn't a 'sweet spot' that works for everything. There may be a 'sweet spot' that works for your particular type of application, your target users, and your organisation. To find out: - Go and find other similar applications and organisations. Find out what they do. Use that as inspiration for your design. - Usability test and test again. Your users may be different, your offering with certainly be slightly different (or very different), and the test results will certainly help you in your discussions with the security people. Best Caroline Jarrett www.formsthatwork.com "Forms that work: Designing web forms for usability" foreword by Steve Krug ________________________________________________________________ Welcome to the Interaction Design Association (IxDA)! To post to this list ....... [email protected] Unsubscribe ................ http://www.ixda.org/unsubscribe List Guidelines ............ http://www.ixda.org/guidelines List Help .................. http://www.ixda.org/help
