
stars and garters

One of my pet peeves is the little stars in password fields. As you all know, I am typing-challenged. I can't tell you how often I make password mistakes, with no way to catch them since I can't see the damn things. It has always struck me as engineering paranoia turned into a usability issue.

Password Usability & Typability is working on a solution...

He also offers excellent advice on password rules.

Posted at November 01, 2002 08:50 AM


Comments

 

For web stuff I use the same throwaway password every time, and have it coded to a keyboard shortcut. For more secure stuff I use another password (with keyboard shortcut) with one or two digits at either the front or the end.

The keyboard shortcuts mean I never make a typo :-)

For especially secret passwords I have something else entirely.

Posted by Eric Scheid at November 1, 2002 10:02 AM


~~~

I like how they brought you in to settle the argument. Real Solomon-like. :)

Security (in general, passwords in specific) is about being unusable and inaccessible. Sometimes, we forget that usability is about including everyone in our target audience and security is about excluding almost everyone in the same audience.

The idea of an 'I'm Truly Alone' toggle that allows me to see my password is interesting. However, it requires the user to always be aware of when they are being observed. The clever villain can bypass that awareness.

How many times have you been startled because someone snuck up behind you (or even within your peripheral vision) while you were intently working at a machine? When someone is concentrating (à la Flow), they might not realize that they are no longer alone.

Apparently, here in New England, a ring of thieves successfully stole hundreds of phone credit card numbers by setting up a discreet video camera in the ceiling above a public phone bank. All of those people thought *they* were alone.

I'm always amused by the systems that have me type my password in encoded, then send it to me in plain text in the confirmation e-mail.

The trick (which I don't know how to do) is to come up with something secure that is also usable. I'm not sure that's possible.

Maybe biometrics??... I wonder when we'll hear about the severe ocular damage caused by repeated retina scans??...

Posted by Jared Spool at November 3, 2002 11:31 AM


~~~

I want that toggle. If someone sneaks up behind me when I'm using my computer at home then I've got bigger problems than having my password exposed.

Posted by Daniel Wood at November 12, 2002 03:45 PM


~~~


