
Usability researcher Jakob Nielsen’s recent column advocates a fundamental change to password field design on the web. He believes that the time has come “to show most passwords in clear text as users type them,” abandoning the traditional approach that displays a series of asterisks or bullets in place of the actual password.
Nielsen’s controversial proposal demonstrates the principle that most design decisions require trade-offs. User goals and business objectives do not always intersect. Security, usability, and aesthetic concerns often compete. We must set priorities and balance these interests to achieve the best results in each situation.
Security issues are particularly difficult to deal with because they’re an annoyance. We just want to let people get at the great tool we’ve created, but instead we have to build barriers between the user and the application. Users must prove their identities. We can’t trust any data they provide unless it’s been thoroughly sanitized.
Unfortunately, this is reality. A great deal of web traffic really is malicious, and sensitive data gets stolen. Typically, we ask users to supply a username (often an e-mail address) along with a password to sign in to an application. The username identifies the person, while the password proves that the person submitting the username is indeed the one who created the account. That’s the theory, based on two assumptions:
A password will never be visible outside the mind of the person who created it.
Both the username and password can be recalled from memory when needed.
This approach places a significant cognitive burden on people who use websites that require authentication. In general, we get by remarkably well, but it’s easy to see the weaknesses in the system. Passwords that are easy to remember are also easy to guess. When people are forced to choose strong passwords, they’re more likely to either write them down or forget them. The usual response is a password reset mechanism, which naturally undermines the strength of the entire system. It doesn’t matter that my password is encrypted with the strongest ciphers known to man when it can simply be reset by anyone who knows which high school I attended.
This is one of the reasons that Nielsen suggests abandoning password masking. People get frustrated and often reset passwords that they haven’t actually forgotten simply because they’ve mistyped. Providing clear feedback with unobscured letters will reduce errors, improve the user experience, and lessen the need for insecure alternatives.
However, making such a sweeping change to a fundamental user interaction could present serious problems. Consider some contexts in which a password might need to be entered in front of a large group of people, such as while using a conference room projector. And many years of web experience have set user expectations on how form elements should work. People understood that password masking was invented for their security. Failing to meet that expectation might undermine confidence, and we cannot afford to lose our users’ trust.
Proceed with caution
When dealing with such a fundamental area of the web experience, we need to be careful because we’re dealing with deeply conditioned expectations. The username/password method of securing web applications isn’t perfect, but there are few good alternatives and it’s become the standard approach. We can best address the usability concerns of password fields by testing incremental changes that extend the default behavior—without compromising the basic experience and losing the trust of our users.
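One such incremental change, as an added example that is not part of the original article or of Nielsen's column, is a "show password" control that keeps masking as the default and re-masks on its own. The field starts masked however the markup was authored, a reveal expires after a short timeout (the projector scenario above), and focus leaving the field or submitting the form masks it again. The names (createMaskToggle, the data-toggle-password attribute, REVEAL_TIMEOUT_MS) are assumptions chosen for this example; the toggle accepts any objects with a type property, so the logic runs under Node without a DOM as well as against real input and button elements in a browser.

```javascript
// Added example (not from the article): an opt-in password reveal that
// defaults to masked and automatically returns to masked.
// `field` and `button` may be real DOM elements or plain objects with a
// `type` / `textContent` property (hypothetical shape, used for testing).

const MASKED = 'password';
const UNMASKED = 'text';

// How long a revealed password stays visible before it is masked again.
// A short window limits exposure on a shared or projected screen (assumed value).
const REVEAL_TIMEOUT_MS = 10000;

function createMaskToggle(field, button, options = {}) {
  const timeoutMs = options.timeoutMs ?? REVEAL_TIMEOUT_MS;
  // Timer functions are injectable so the behaviour can be exercised without
  // real delays; in a browser the defaults (setTimeout/clearTimeout) are used.
  const setTimer = options.setTimer ?? setTimeout;
  const clearTimer = options.clearTimer ?? clearTimeout;
  let timer = null;

  function render() {
    const revealed = field.type === UNMASKED;
    button.textContent = revealed ? 'Hide password' : 'Show password';
    // aria-pressed exposes the toggle state to assistive technology.
    if (typeof button.setAttribute === 'function') {
      button.setAttribute('aria-pressed', String(revealed));
    }
  }

  function mask() {
    if (timer !== null) { clearTimer(timer); timer = null; }
    field.type = MASKED;
    render();
  }

  function reveal() {
    field.type = UNMASKED;
    if (timer !== null) clearTimer(timer);
    timer = setTimer(mask, timeoutMs); // auto re-mask after the window
    render();
  }

  function toggle() {
    if (field.type === UNMASKED) mask(); else reveal();
    return field.type;
  }

  // Start masked regardless of how the markup was authored.
  mask();

  return { toggle, mask, reveal, isRevealed: () => field.type === UNMASKED };
}

// Browser wiring; skipped where there is no DOM (e.g. under Node).
if (typeof document !== 'undefined') {
  const field = document.querySelector('input[type="password"]');
  const button = document.querySelector('[data-toggle-password]');
  if (field && button) {
    const ctl = createMaskToggle(field, button);
    button.addEventListener('click', () => ctl.toggle());
    // Re-mask when focus leaves the field or the form is submitted.
    field.addEventListener('blur', () => ctl.mask());
    if (field.form) field.form.addEventListener('submit', () => ctl.mask());
  }
}
```

The default stays exactly what users expect (a masked field), so the change can be A/B tested without altering the basic experience; the reveal is an explicit, short-lived action rather than a new default.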
http://www.alistapart.com/articles/the-problem-with-passwords/