Jakob Nielsen’s Alertbox today proclaims that we should Stop Masking Passwords. He claims the usability costs are too high, especially on mobile devices where typos are more common.
I was skeptical, but he has some great points, the most important being that the greatest security risks when you are entering a password are really electronic—someone snooping your password through an unsecure connection. Someone watching your screen can just as easily watch your keyboard to see what keys you tap. But most of the time this is irrelevant, since you are at home and not really being stalked by an over-the-shoulder snooper.
And to cover the occasional Internet kiosk scenario, he suggests providing a checkbox that will let users decide whether they want to mask their password. I like it! Virtual equivalent of cupping your hand around the keypad at an ATM.
Now that I think about it, I have recently noticed that when I type a password on my mobile phone, it briefly shows the last character I typed before replacing it with an asterisk. (Is that an Opera Mobile feature?) That seems to be a concession to some of Nielsen’s points regarding mobile password entry. But I wonder whether it really makes sense either. If it’s visible to you briefly, then it’s visible to a snooper briefly too. But what are the chances that someone can see that teeny tiny text you are taptapping on your phone anyway???
So I guess he’s convinced me! Death to the Asterisk!
posted by ted on Wednesday, Jun 24, 2009
8 More Sign-In Design Mistakes from Jared Spool, following up on his previous sign-in design article. My pet peeve out of this new list is Mistake #10: Requiring Stricter Password Requirements Than The NSA. I hate sites that make me think of a password so cryptic that I can’t remember it myself! Especially if I don’t think the data is worth safeguarding in the first place!!!
posted by ted on Wednesday, Jan 16, 2008
Jared Spool writes in a recent article, “Designing an account registration and sign-in process that doesn’t frustrate users turns out to be very difficult to achieve. It looks easy at the outset, but a pile of subtleties can sneak up on your experience, making something that should be simple become stressful for the users.” He’s right; something that should be so easy is so easy to get wrong. Here’s a summary of Spool’s “8 Design Mistakes to Avoid” for account sign-in, along with a few of my own observations:
- Mistake #1: Having a Sign-in In The First Place. I couldn’t agree more. I see so many sites that require a sign-in without providing any apparent value to the site, and (worse) no value to the user—a recipe for a zero return rate.
- Mistake #2: Requiring Sign-in Too Soon and Mistake #3: Not Stating the Benefits to Registering. People need to be motivated first. You have to show them at least some of the goods before they will entrust you with their time and information.
- Mistake #4: Hiding the Sign-In Button and Mistake #6: Not Providing Sign-in Opportunities at Key Locations. (No comment.)
- Mistake #5: Not Making “Create New Account” or “Forgot Your Password” a Button or Link. Between my wife and me, we probably forget at least one ID or password per week. How ‘bout you?
- Mistake #7: Asking for Too Much Information When Registering. Usually the designer wants a clean, straightforward experience, but someone on the business or marketing side wants to turn a legitimate registration need into a 10-page segmentation survey! Designers—push back! Convince the business side that you should ask the bare minimum, or wave goodbye to most of your registrants.
- Mistake #8: Not Telling Users How You’ll Use Their Information.
For more discussion and examples, see the full article. Also see Aaron Cannon’s post on the impact captchas could have on disabled users as part of a sign-in process.
Also see Spool’s follow-up article with 8 more sign-in design mistakes.
posted by ted on Friday, Jan 04, 2008