Purely in reply to Pau's comic:
Unfortunately I saw too many password fields with a limit of maximum
length. Many are 16 chars and some are even 8 chars. I don't really know
their point: passwords are going to be hashed. Why does their original
length matter much?
On Apr 16, 2014 2:27 AM, "Pau Giner" <pginer(a)wikimedia.org> wrote:
My concern with the concept of "password strength" approaches is that it
often encourages passwords that are harder to remember (e.g. forcing the
user to use caps, underscores, etc.).
I think it would be better to encourage the use of passphrases instead: An interesting
article about making usable and secure
passwords<http://www.baekdal.com/insights/password-security-usability>… that
passwords based on sentences with 3 or more words such as *"this
is fun"* are ten times more secure than cryptic combinations of numbers
and letters such as *"J4fS<2"* (there is also an xkcd version of the same
idea <http://xkcd.com/936/>).
The shared approach tries to visualise both how strong and whether you
typed the correct password (by displaying always the same colours given a
specific password). The last part was something similar to what the old
Lotus Notes did by displaying different icons of keys next to the password
field. That could be slightly useful to anticipate errors but have an
impact of initial confusion until the user understands what it is about.
Pau
On Tue, Apr 15, 2014 at 8:03 PM, Steven Walling <swalling(a)wikimedia.org> wrote:
On Tue, Apr 15, 2014 at 4:52 AM, Yuvi Panda <yuvipanda(a)gmail.com> wrote:
I ran into an Android implementation of
http://mattt.github.io/Chroma-Hash/ lately, and was wondering if
experimenting with that would be a good idea for the Android app.
Thoughts?
A password strength meter would be awesome, but I think this one is a
little weird. Typically,[1] these use a much simpler color scheme,
potentially combined with words.
An even simpler implementation that would be good for core as well as
apps would be clientside validation of the password length. Soon we're
going to be upping the limit to six bytes/characters, so a simple "too
short" message might be good to get implemented.
1. http://ui-patterns.com/patterns/passwordstrengthmeter
--
Steven Walling,
Product Manager
https://wikimediafoundation.org/
_______________________________________________
Mobile-l mailing list
Mobile-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mobile-l
--
Pau Giner
Interaction Designer
Wikimedia Foundation