Different websites have different password requirements
- Some are content with a combination of just lower case words
- Some require a combination of lower case and upper case words
- Some require numbers in your password
- Some require special charecters
Now I have a number of different passwords modified to suit the website requirements but I often get mixed up about whether the password was
word@%(some numbers) or just word(some numbers)
and I end up often resetting my password or not even logging in.
Now my question is would be wrong or bad design to display the password guidelines next to the login screen ? I understand it might actually make it unsafe to an extent since it also gives guidelines to someone with malicious intent about how a password might be structured but is this a case where security trumps usability or what is the equitable balance between the two.
Edit: Please note that I am talking about the scenario of password guidelines being displayed when a person is trying to log in (having established an account) and not when he is trying to sign up ( I strongly believe password guidelines are very important then)
Answer
I think it's a great idea!
On numerous occasions I have forgotten a password, and made as if I wanted to create a new account in order to see the password guidance and determine what rules I might have used in order to create my password in the first place. (Yes, I'm aware of various options to manage my passwords.)
Sometimes that even involves having to use another browser on which I've never logged in before. (Stack Exchange is especially annoying because a proper log out actually logs you out on all devices, not just the current browser. I don't want to log out unless I'm sure I can remember my password.)
So here's an example from UPS of where it would be useful; you get a great big list of password restrictions when you create an account:
When you log in later, all you get is this below (you already entered the username on a separate screen!). There's loads of space and it would be so easy to use the same password hints on the login screen. The log-in screen is available from the home page so it's not like this is hard-to-find information, and anyone doing any real jiggery-hackery will be well aware of the restrictions anyway — they're not daft, not by a long shot.
So, yup: go for it. Great idea!
No comments:
Post a Comment