[IxDA Discuss] "Wrong password"

George Schneiderman schneidg at earthlink.net
Fri May 26 11:52:51 PDT 2006


A lot depends on how secure the site needs to be. At a bank, for instance, you will almost certainly want to follow security "best practices", which typically means error messages that provide very little specific information, such as the ability to distinguish between a non-existent username and the wrong password for a valid username.

My feeling is that if the site doesn't need particularly high-level security, it is best to provide various error messages that do distinguish between those situations, and also to tell the user if the account in question has been locked due to an excessive number of failed login attempts, and also to warn the user how many more tries he has before he gets locked out.  If the security profile of the site allows it, I also recommend using an error message that identifies the rules governing valid passwords, e.g., letters and digits only, case-sensitive, must be between 8 and 15 characters with at least one digit (a separate error message to handle a login attempt with a non-compliant password is probably overkill).   

--George


-----Original Message-----
>From: Billie Mandel <billieslists at gmail.com>
>Sent: May 26, 2006 2:27 PM
>To: discuss at ixda.org
>Subject: [IxDA Discuss] "Wrong password"
>
>Hi fab folks -
>
>Straw poll of the day:
>What are your favorite (and least favorite) error messages/error
>handling scenarios for our oh-so-beloved use case, "user enters
>incorrect password"?
>
>Yours curiously,
>- Billie




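The two policies contrasted in the message above, side by side, as an added example that is not part of the original thread: one login routine that returns either a single generic error or the detailed errors (unknown username, wrong password with tries remaining, locked account). The class name, message wording and five-attempt threshold are assumptions, and the dummy-hash step that keeps response time the same for unknown usernames goes beyond what the message describes.

```python
import hashlib, hmac, os

MAX_ATTEMPTS = 5  # assumed lockout threshold; the thread names no number
GENERIC = "Incorrect username or password."

def _hash(password: str, salt: bytes) -> bytes:
    # Iteration count chosen for the demo, not a recommendation
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LoginService:
    """Hypothetical login backend with switchable error-message policy."""

    def __init__(self, detailed_errors: bool):
        self.detailed = detailed_errors
        self.users = {}      # username -> (salt, password hash)
        self.failures = {}   # username -> consecutive failed attempts
        salt = os.urandom(16)
        self._dummy = (salt, _hash("placeholder", salt))

    def add_user(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self.users[username] = (salt, _hash(password, salt))

    def _msg(self, detail: str) -> str:
        # Strict mode collapses every failure into one message
        return detail if self.detailed else GENERIC

    def login(self, username: str, password: str):
        """Return (ok, message shown to the user)."""
        known = username in self.users
        salt, stored = self.users.get(username, self._dummy)
        # Hash even for unknown usernames so timing does not reveal them
        match = hmac.compare_digest(_hash(password, salt), stored)
        if not known:
            return False, self._msg("No account exists with that username.")
        fails = self.failures.get(username, 0)
        if fails < MAX_ATTEMPTS and match:
            self.failures[username] = 0
            return True, "Signed in."
        fails = min(fails + 1, MAX_ATTEMPTS)
        self.failures[username] = fails
        if fails >= MAX_ATTEMPTS:
            return False, self._msg(
                "This account is locked after too many failed attempts.")
        return False, self._msg(
            f"Wrong password. Tries left before lockout: {MAX_ATTEMPTS - fails}.")
```

In strict mode a locked account and a correct password still produce the generic message, so the user needs another channel (for example e-mail) to learn about the lockout.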