You Suck at UI

Identifying bad UI on Desktops and the Internets.

Posts tagged security

May 20
This one is very simple: never, ever require that your users shorten their passwords. You should encourage them to use the longest password they can possibly manage. Security is hard—don’t make it harder by placing arbitrary size limits on them.

Bonus: when you tell me I can’t enter a password that’s longer than 12 characters, it sets off the amateur hour alarms in my head. I sure hope you’re hashing it, and modern hash algorithms aren’t limited to 12 characters. Hire developers who know what they’re doing.
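To make the point concrete, here is an added example (not code from the original post) contrasting the arbitrary 12-character cap the post complains about with a policy that only enforces a minimum and hashes whatever the user supplies. It uses scrypt from Python's standard library; the 1024-byte upper bound is an assumption chosen for this example, a generous limit so the hash cannot be used to burn server CPU, not a limit on what users can remember.

```python
import hashlib
import hmac
import os

# The policy criticised in the post: an arbitrary 12-character cap.
# Constructed illustration of the anti-pattern, not any real site's code.
def weak_validate(password: str) -> bool:
    return 8 <= len(password) <= 12

# Sane policy: require a minimum, accept long passphrases, and reject only
# absurd lengths so one request cannot make the server hash a megabyte.
MIN_LEN = 12
MAX_BYTES = 1024  # assumption for this example; far above anything typed


def validate(password: str) -> bool:
    return len(password) >= MIN_LEN and len(password.encode()) <= MAX_BYTES


def _derive(password: str, salt: bytes) -> bytes:
    # scrypt always yields a 64-byte key here, regardless of password length,
    # which is why a storage column never needs to dictate a password cap.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)


def hash_password(password: str, salt=None) -> str:
    """Return a self-describing record: algorithm, per-user salt, derived key."""
    if not validate(password):
        raise ValueError("password does not meet the length policy")
    salt = salt or os.urandom(16)
    return f"scrypt${salt.hex()}${_derive(password, salt).hex()}"


def verify_password(password: str, stored: str) -> bool:
    algo, salt_hex, key_hex = stored.split("$")
    if algo != "scrypt" or len(password.encode()) > MAX_BYTES:
        return False
    key = _derive(password, bytes.fromhex(salt_hex))
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(key, bytes.fromhex(key_hex))


if __name__ == "__main__":
    phrase = "correct horse battery staple is long"   # 36 chars: rejected by the cap
    print("weak policy accepts:", weak_validate(phrase))
    record = hash_password(phrase)
    print("stored record:", record)
    print("verifies:", verify_password(phrase, record))
```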


May 5
PayPal (again with the stupid middle-of-the-word capitalization) is owned by eBay (ahem). I know this. You might know this. It’s irrelevant to most people, though.

PayPal is almost certainly one of the most phished sites in all of the Web.

In the above example, PayPal has branded their site (on the paypal.com domain) as eBay. This is a horrible idea if they’re interested in training users to avoid phishing attacks. Even their own site considers this type of activity to be potentially fraudulent.