Tag Archives: usability

On Passwords (Usability and Security)

Passwords have barely evolved since the early days of computing and are taken for granted in our daily online lives. It’s time for change, says usability expert Jakob Nielsen, who believes password masking goes against basic usability principles and should be stopped (via Kottke).

Providing feedback and visualizing the system’s status have always been among the most basic usability principles. Showing undifferentiated bullets while users enter complex codes definitely fails to comply.

Most websites […] mask passwords as users type them, and thereby theoretically prevent miscreants from looking over users’ shoulders. [However], there’s usually nobody looking over your shoulder when you log in to a website. It’s just you, sitting all alone in your office, suffering reduced usability to protect against a non-issue.

Nielsen suggests that password fields should be plaintext by default, with a checkbox available for when a user would like to turn masking on. Ignoring the usability issue of adding a new and unexpected item to a form, and ignoring the social ramifications of such a change (explicitly displaying lack of trust by turning masking on around friends), do lengthy, supposedly ‘strong’ passwords increase online security anyway? (pdf, via Schneier)

Strong passwords do nothing to protect online users from password stealing attacks such as phishing and keylogging, and yet they place considerable burden on users. Passwords that are too weak of course invite brute-force attacks. However, we find that relatively weak passwords, about 20 bits or so, are sufficient to make brute-force attacks on a single account unrealistic so long as a “three strikes” type rule is in place. Above that minimum it appears that increasing password strength does little to address any real threat.

Secret questions aren’t much better, either.
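The “three strikes” claim quoted above can be checked with a small model, added here as an example that is not part of the original post or the cited paper. The class and function names, the 24-hour lockout and the uniformly chosen password are assumptions of this example; the page only gives the 20-bit figure and the three-strikes rule.

```python
from dataclasses import dataclass


@dataclass
class ThreeStrikes:
    """Per-account lockout: after `strikes` consecutive failures, every
    attempt is rejected for `lockout_s` seconds."""
    strikes: int = 3
    lockout_s: int = 24 * 3600  # assumption: the page gives no lockout duration
    failures: int = 0
    locked_until: float = 0.0

    def attempt(self, now: float, correct: bool) -> str:
        if now < self.locked_until:
            return "locked"  # the guess is never compared with the password
        if correct:
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= self.strikes:
            self.failures = 0
            self.locked_until = now + self.lockout_s
        return "fail"


def evaluated_guesses(policy: ThreeStrikes, days: int, attempts_per_hour: int) -> int:
    """Count the wrong guesses the server actually checks when a client
    submits failed logins around the clock for `days` days."""
    step = 3600 / attempts_per_hour
    total = int(days * 24 * attempts_per_hour)
    return sum(policy.attempt(i * step, correct=False) == "fail" for i in range(total))


def coverage(bits: int, guesses: int) -> float:
    """Fraction of a uniformly chosen `bits`-bit password space covered."""
    return min(1.0, guesses / 2 ** bits)


def years_to_cover_half(bits: int, policy: ThreeStrikes) -> float:
    """Years of continuous guessing before half the space has been checked."""
    guesses_per_day = policy.strikes * 86400 / policy.lockout_s
    return (2 ** bits / 2) / guesses_per_day / 365


if __name__ == "__main__":
    checked = evaluated_guesses(ThreeStrikes(), days=30, attempts_per_hour=60)
    print(f"guesses checked in 30 days: {checked}")
    print(f"share of a 20-bit space:    {coverage(20, checked):.6%}")
    print(f"years to cover half:        {years_to_cover_half(20, ThreeStrikes()):.0f}")
```

The bound is per account, matching the “single account” scope of the quoted passage; the request rate barely matters because locked attempts are rejected before any comparison takes place.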

The Experience Response

Mark Hurst, author of Bit Literacy and host of the Gel conference, takes a look at Microsoft’s Bing and discusses the problem with Microsoft’s current strategy and ways they can improve.

Customers online don’t respond to a brand marketed to them, they respond to the experience they have. If they can accomplish their goal quickly and easily, they return to the site, and tell their friends. It’s that simple. And if one site already provides a good experience, then there’s no need to consider switching to some other site, no matter what the company brags about itself in its ads.

In the context of what’s being discussed (Microsoft’s recent advertising) I couldn’t agree more with the above sentiments (out of context, however, I feel it’s not entirely accurate).

Call-To-Action Buttons

Call-to-action buttons are the buttons that web designers want visitors to click when interacting with their site (Signup, Purchase, Download, etc.).

Tips on how to design these abound on the Internet, but David Hamill’s overview on how to design good call-to-action buttons and the difference they can make is one of the best I’ve seen recently.

The note on how subtle changes to Laura Ashley’s ‘shopping basket’ made clickthroughs increase by 11% reminded me of an article (via Kottke) on how Jared Spool changed the text of a submit button for a major ecommerce site, making them an additional $300 million in one year.

via Good Usability

Design Patterns for Errorproofing

Persuasive technologies are those which are designed to change the attitudes or behaviours of users. Errorproofing, on the other hand, is concerned not with behavioural change, but with ensuring certain behaviours are met.

Errorproof technologies, then, are those which “[make] it easier for users to work without making errors, or [that make] errors impossible in the first place”.

Dan Lockton of the excellent Design with Intent compiles a list of eight design patterns for errorproofing a system:

  • Defaults
  • Interlocks
  • Lock-in/out
  • Extra steps
  • Specialised affordances
  • Partial self-correction
  • Portions
  • Conditional warnings

Usability Tips for Your Website/Blog

Tom of I’d Rather Be Writing—the ‘technical communication’ blog—has just written up twenty usability tips for your blog.

I’ve been doing research on what distinguishes good blogs from poor ones, especially by reading “lessons learned” posts by bloggers. I’ve come up with 20 principles I think are worthwhile.

  • Encourage comments
  • Include an About page
  • Keep posts short and to the point
  • Link abundantly
  • Include a list of related posts beneath each post

The Resources section towards the end of the post links to a wealth of further information. Reading this, I was put in mind of Seth Godin’s recent call for web podiatrists.