Archive for April, 2014

Single-Field Password Set/Reset: Threat or Menace?

April 28, 2014

This post is dedicated to everyone who ever had trouble logging into a website (myself included, way too many times) or whoever had their account hacked because their password was too simple (way too many friends and acquaintances, way too many times).

This is for us.

Dear website designers and programmers:

Every modern website adds new features. Google added Maps, Books, Street View. Yahoo! added its latest e-mail layout. Twitter added hashtags and now is thinking about revoking them, but has added line breaks. And, most importantly, I have the choice whether to use them or not.

Then there’s the We-Have-a-Great-New-Feature-and-You-Must-Use-It Syndrome. Think Facebook Timeline. Well, that doesn’t cost me any time and I got used to it. And it doesn’t slow me down.

(By the way, Yahoo! initially took away Yahoo! classic e-mail, but after not too long a delay, restored it, if I recall correctly. Thank you for listening to your customers, Yahoo!)

Now there’s a new We-Have-a-Great-New-Feature-and-You-Must-Use-It Syndrome feature.

Your wonderful new feature is giving me a negative view of your website. Negative enough to write a 3300-word blog post complaining – occasionally ranting – about it. What would your advertisers think of that?

Day by day your numbers are growing, User Interface (UI) designers following the siren, zombie call of this new feature.

I mean you, force-me-to-use-a-single-field-when-setting-or-resetting-my-password-UI website. Yes, you. You’ve turned simple inconvenience into dread.

Warning: This is a scattered, discursive essay. Much like my experience of dealing with passwords on your website.

My first draft was about 500 words. But, as I thought about the complexities of what you are asking me to do with regard to the care and feeding of my password, the article grew and it grew, much like the burden you’ve placed on me.

Please stick with it. I’ve done my best to make sure it will be worth it. And I’ve actually proofread it.

And, hey, if your response is TLDR (too long, didn’t read), feel free to skip to Here’s the ideal situation and hope your customers – isn’t it time we retired “users”? – aren’t saying Too Hard, Didn’t Log In.

Continue reading Single-Field Password Set/Reset: Threat or Menace?