i am fine with 10 case sensitive alphanumerical passwords...
if https is used (or any encryption).
one has to be user friendly... but not enemy friendly (easy to
crack paswords by guessing... dictionary attack).
information design
...but first architecture...
it is all about the branding
Combination of 2 buttons, like shift one letter, do increase the
hassle. In the term of action, no matter digit or letter, any button
equates each other cuz the action required are all to click once. But
regards to memory, combination of letter and digit certainly adds to
the load.
Some websites
For those who are interested in this subject, I know some people who are
working on the problem:
http://usable.com/
Also, you might want to check out the SOUPS conference:
http://cups.cs.cmu.edu/soups/2009/
Cheers,
J.A.
As always, this is a matter of when the cure is worse than the disease.
For most non-transactional websites, requiring a strong password is
overkill. In fact, having a password at all is overkill. The job
application scenario someone mentioned above is one example. Is the user
served in any
Well said Eva... my point exactly.
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Posted from the new ixda.org
http://www.ixda.org/discuss?post=34957
Welcome to the Interaction Design Association (IxDA)!
To
Chris wrote
`Amazon DOES have minimum password requirements:
I tried to change my current password to easy... `
Amazon does not tell you that you HAVE to include atleast 1 digit or
any capital letters in your password. The user experience is amazing.
One can buy items by clicking 3 times only...
Many of you might have tried creating an account online in order to
participate in an online forum or in order to apply for a job in a major
corporation.
Many times a password needs to consist of the following-
A capital letter
A digit or sometimes 2 digits
Minimum 8 Characters
The password must
Here's the programmer-sympathetic counter to what you're saying.
Users tend to choose the easiest-to-type passwords. These passwords also
tend to be the easiest to break in to.
No end-user is willing to take responsibility for a compromised system.
None.
The potential cost of
Hello Mark,
as I stated earlier the `regular expression` needed in order to
prevent misuse should allow a user to use the same digit in his/her
password as used in the username.
When I took the course PHP and MYSQL I learned that `regular
expressions` can be used in a userfriendly manner.
. . .
Mark Canlas wrote:
No end-user is willing to take responsibility for a compromised
system.
Asking users to choose a password compels them to take
responsibility. Their cost/benefit judgement (strong vs. easy to
remember password in regard to their perceived value of what is at
stake) should be
On Tue, Oct 28, 2008 at 7:09 AM, Mark Canlas [EMAIL PROTECTED] wrote:
Here's the programmer-sympathetic counter to what you're saying.
Users tend to choose the easiest-to-type passwords. These passwords also
tend to be the easiest to break in to.
All of my strong passwords are easy to type
Very recent suggestion I have provided in my current project, which I
felt reasonably good solutions to overcome this password remembering
hassle.
I agree with this issue, me also forgetting password for so many
websites and application where my password is not come into my
password generating
These strong password requirements were not invented by evil
programmers designed to thwart the heroic efforts of usability
experts across the globe...
It is one of the minimum due diligence requirements (PCI) for
merchants who want to accept major credit cards online.
If a user has ADHD, then there is software to help them keep (and
even create) strong passwords.
I usually just use this one: ••
;-)
Welcome to the Interaction Design Association (IxDA)!
To post to this list
Chris Vestal wrote:
http://usa.visa.com
It is not about security through inconvenience but there are
real technical reasons for strong passwords at least on e-commerce
sites.
Usually is about inconvenience *instead* of security. The most
commonly used security metric is how safe users feel they
So you would advocate letting users set blank or English-word passwords? The
user may think these are secure enough. But what will they think when
their funds are depleted by someone who broke into their account?
On Tue, Oct 28, 2008 at 2:41 PM, Santiago Bustelo
[EMAIL PROTECTED]wrote:
Chris
to Mark,
you have to keep in mind that my post was concerning Online Forum and
Job Application passwords. I did not mention B2B or any other site
where credit card information is needed.
Lets for instance say that I am a Nigerian mother wanting to discuss
children in a forum for mothers. Why
Reality Check - Card-issuing banks and VISA/Mastercard are NOT the
same thing.
While you are correct that two algorithms can measure the
strength/weakness of a password differently, the financial
responsibility is NOT ultimately with the user, but it rests
currently on the merchant and
We may be talking about different things here. Never said strong
passwords are an inconvenience.
Ali Naqvi started this thread asking: Why cant a username
'ABS_4u' have the following password 'Malemodel_14?
Strong password: for passwordmeter.com's algorithm, 'Malemodel_14'
strenght is sufficient
19 matches
Mail list logo