Purely in reply to Pau's comic: Unfortunately I saw too many password fields with a limit of maximum length. Many are 16 chars and some are even 8 chars. I don't really know their point: passwords are going to be hashed. Why does their original length matter much?

On Apr 16, 2014 2:27 AM, "Pau Giner" <[email protected]> wrote:
> My concern with the concept of "password strength" approaches is that it
> often encourages passwords that are harder to remember (e.g. forcing the
> user to use caps, underscores, etc.).
>
> I think it would be better to encourage the use of passphrases instead: An
> interesting article about making usable and secure passwords
> <http://www.baekdal.com/insights/password-security-usability> suggests
> that passwords based on sentences with 3 or more words such as *"this
> is fun"* are ten times more secure than cryptic combinations of numbers
> and letters such as *"J4fS<2"* (there is also a xkcd version of the same
> idea <http://xkcd.com/936/>).
>
> The shared approach tries to visualise both how strong and whether you
> typed the correct password (by displaying always the same colours given a
> specific password). The last part was something similar to what the old
> Lotus Notes did by displaying different icons of keys next to the password
> field. That could be slightly useful to anticipate errors but has an
> impact of initial confusion until the user understands what it is about.
>
> Pau
>
>
> On Tue, Apr 15, 2014 at 8:03 PM, Steven Walling <[email protected]> wrote:
>
>>
>> On Tue, Apr 15, 2014 at 4:52 AM, Yuvi Panda <[email protected]> wrote:
>>
>>> I ran into an Android implementation of
>>> http://mattt.github.io/Chroma-Hash/ lately, and was wondering if
>>> experimenting with that would be a good idea for the Android app.
>>> Thoughts?
>>>
>>
>> A password strength meter would be awesome, but I think this one is a
>> little weird. Typically,[1] these use a much simpler color scheme,
>> potentially combined with words.
>>
>> An even simpler implementation that would be good for core as well as
>> apps would be clientside validation of the password length. Soon we're
>> going to be upping the limit to six bytes/characters, so a simple "too
>> short" message might be good to get implemented.
>>
>> 1. http://ui-patterns.com/patterns/passwordstrengthmeter
>>
>> --
>> Steven Walling,
>> Product Manager
>> https://wikimediafoundation.org/
>>
>> _______________________________________________
>> Mobile-l mailing list
>> [email protected]
>> https://lists.wikimedia.org/mailman/listinfo/mobile-l
>>
>
> --
> Pau Giner
> Interaction Designer
> Wikimedia Foundation
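Added example, not part of the original thread: a Python sketch of the two length points raised above. It shows that a salted PBKDF2 record has the same size for a 6-character password and a long passphrase, and that a minimum of six counted in characters differs from one counted in UTF-8 bytes. The function names, the 1024-byte cap and the iteration count are assumptions chosen for illustration, not MediaWiki settings.

```python
import hashlib
import hmac
import os
from typing import Optional

MIN_CHARS = 6          # minimum from the thread; counting code points is an assumption
MAX_BYTES = 1024       # assumed generous cap, only to bound hashing work per request
ITERATIONS = 200_000   # example PBKDF2 work factor, not a project setting
SALT_LEN = 16
DIGEST_LEN = 32


def length_error(password: str) -> Optional[str]:
    """Return "too short"/"too long" if the length policy fails, else None."""
    if len(password) < MIN_CHARS:  # len() counts code points, not bytes
        return "too short"
    if len(password.encode("utf-8")) > MAX_BYTES:
        return "too long"
    return None


def hash_password(password: str, salt: Optional[bytes] = None) -> bytes:
    """Return salt + PBKDF2-HMAC-SHA256 digest: SALT_LEN + DIGEST_LEN bytes."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS, dklen=DIGEST_LEN
    )
    return salt + digest


def verify_password(password: str, record: bytes) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    salt, expected = record[:SALT_LEN], record[SALT_LEN:]
    candidate = hash_password(password, salt)[SALT_LEN:]
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample passwords; the third is four CJK characters (12 UTF-8 bytes).
    samples = ["J4fS<2", "this is fun", "\u5bc6\u7801\u5bc6\u7801", "this is fun " * 20]
    for pw in samples:
        record = hash_password(pw)
        print(len(pw), "chars,", len(pw.encode("utf-8")), "bytes,",
              length_error(pw) or "ok", "-> stored record:", len(record), "bytes")
```

The stored record is 48 bytes for every input, so a low maximum such as 8 or 16 characters saves no storage; the cap here exists only to bound the work done per login attempt.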
