Entries Tagged as “usability”
Tips For Better Password Security
In the last few months I have had a few people tell me that their web-based email accounts or other web-based services had been hacked into. Their accounts were taken over by crooks or criminals, and in one case (my aunt) her H&R Block credit account was liquidated. When I asked about their passwords, they admitted that they had used an easy password to guess. Oftentimes we don't think about security until it's too late. With web-based systems, cloud computing, and other mashups, I think it's about time we revisit the idea of a strong password.
How do hackers get my password?
More often than not, hackers gain access to your accounts because the password you selected was far too easy to guess. By "guess" I mean it's probably a dictionary word or a variation of a dictionary word. Hackers don't just sit behind a keyboard and type random words from a dictionary into your login page. No, they use complex tools that run automated attacks against a website's login function until they get lucky. Having an easy to guess password, one that can be found in a dictionary, is like handing the hacker the keys to your accounts.
Another method of cracking a password is through "social engineering". This is where the hacker attempts to use or manipulate data that you put out for public display, such as on social websites, instant messengers and email. They may try to manipulate people into divulging confidential information, or use the information to guess passwords or security questions. In a time where many people use social sites to stay connected, we need to be cautious that the person on our friends list is really our friend.
What Makes A Password Bad?
Unfortunately the list of things that make a password bad is pretty long. I won't create a long list here. If you're interested, GeodSoft has a pretty comprehensive list, and I am sure there are plenty of other sites out there with their own lists. Here are a few of my basic rules.
- Don't use personal info, account names, or any information that could be found on a social site or address book: no phone numbers, names of a spouse, children, or pets, streets you lived on as a child, birth dates, or social security numbers.
- Don't use a word that is in the dictionary. This includes other languages. Not even words that have letters replaced with symbols or digits. For example: P@s5w0rd is way too easy to guess.
- Don't use a word in reverse or swap the first and last letters.
- Don't append or prepend a number to the dictionary word.
- Don't think you're slick by doubling up on letters in a word either. "wwoorrdd" is still an easy guess.
- Lastly, a bad password is one that you will forget. So if it's not memorable, then it's all pointless.
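The rules in this list can be turned into a check. The following is an added example, not code from the original post: it undoes each trick (symbol swaps, reversal, swapped ends, added digits, doubled letters) and looks the result up in a wordlist, stacking up to two tricks. The function names, the substitution table and the tiny `SAMPLE_WORDS` list are assumptions made for illustration.

```python
import re

# Constructed sample wordlist; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "rocking", "word", "dragon", "monkey"}

# Common symbol/digit swaps mapped back to the letters they stand in for.
LEET = {"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
        "0": "o", "5": "s", "$": "s", "7": "t"}

def undo_leet(s):
    return "".join(LEET.get(c, c) for c in s)

def strip_digits(s):
    # Remove a run of digits at the start or the end.
    return re.sub(r"^\d+|\d+$", "", s)

def swap_ends(s):
    return s[-1] + s[1:-1] + s[0] if len(s) > 1 else s

def undouble(s):
    # Collapse "wwoorrdd" to "word" only when every letter is doubled.
    pairs = len(s) % 2 == 0 and all(s[i] == s[i + 1] for i in range(0, len(s), 2))
    return s[::2] if pairs else s

TRANSFORMS = {
    "symbol/digit substitution": undo_leet,
    "reversed word": lambda s: s[::-1],
    "first and last letters swapped": swap_ends,
    "number appended or prepended": strip_digits,
    "doubled letters": undouble,
}

def weak_reasons(password, words=SAMPLE_WORDS, depth=2):
    """Return the rules a password breaks, trying up to `depth` stacked tricks."""
    start = password.lower()
    if start in words:
        return ["dictionary word"]
    frontier, found = {start: ()}, set()
    for _ in range(depth):
        nxt = {}
        for cand, path in frontier.items():
            for name, undo in TRANSFORMS.items():
                out = undo(cand)
                if out == cand:
                    continue
                if out in words:
                    found.update(path + (name,))
                else:
                    nxt.setdefault(out, path + (name,))
        frontier = nxt
    return sorted(found)
```

An empty result only means none of these rules matched against the wordlist supplied; with the five-word sample list it says nothing about how strong a password is.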
Creating Memorable Passwords
Creating a memorable password is easy. Creating one that is difficult to guess but still memorable takes a bit more work, but it's still pretty easy if you use some techniques to help you remember.
The best passwords are at least eight characters in length, contain upper and lowercase letters, numbers, and a special character. With this in mind, let's construct a password that is both memorable and difficult to guess.
One method I use is to think of a phrase or a quote that is memorable to me. For example, my football coach used to always say to us defensive players: "You have to stick it to them and drive, drive, drive!" I can still hear his voice ringing in my ear. Using this phrase I might construct a password like "Uh2stic&D,D,D!"
Repurpose With Layers
Because creating a good password takes a bit of thought, I like to repurpose the same password on several sites. Normally this is not a good idea, but let me explain.
I think of the sites I use in terms of layers. There are some sites that I don't use often, or sign up for and then forget about. Then there are sites that I use often; they may contain personal information, but are not connected to any sensitive info. Then there are sites like banks, email, and other services that store or use my sensitive information as part of the service, like PayPal or a credit reporting site.
Because creating a strong password is only good if you can remember it, I create three levels of passwords. One is for the fly-by-night sites that I visit and sign up for. This one might be easy to remember and type quickly. It may not be the safest password, but I probably don't care if someone wants to hack into my IconBuffet account. It's also not uncommon for these outer layer sites to restrict passwords to only letters and numbers, as special characters might create programming challenges that the creators don't feel are important enough to fix. For these outer layer sites I might use "yh2st1ck" as my password. It's easy enough to remember but unique enough to challenge a would-be hacker.
A second layer password is more difficult yet. I might use this for social sites, or sites that may contain personal information or access to my friends and contacts that could be used in a social engineering attack. For a second layer password I might use "UH2s&dDD!"
And lastly, the highest layer needs a really strong password for banks, email accounts, or other systems that use sensitive information. This might be the strong password I mentioned earlier like "Uh2stic&D,D,D!"
To reiterate my point, my reasons for recommending this technique are to make all your passwords memorable so that you don't write them down on a scrap piece of paper or put them into a password file on your computer. It's also better to have three passwords that are safer and more secure than one to ten passwords that are easy to guess.
Tools For Generating & Testing Memorable Passwords
If you're finding it difficult to create a memorable password, or you're not sure the password you picked is as safe as you think it is, there are tools out there to help you.
- Password Assistant – Macintosh utility built into the OS
- The memorable random password generator
- Password Security Meter
- Microsoft Password Checker
Macintosh Password Assistant
My personal favorite utility is the Password Assistant. It's built into the OS, and the gurus at Code Poetry have created a simple utility to call the Password Assistant without having to access the accounts preference pane. Here is a screenshot of the utility and a sample of the suggested password. It also gives you a visual meter of your password's quality.

What I really like about this utility is its ability to give you useful feedback when your password is too weak. For example, here is the word "rocking" with the typical number replacement on the letters "o" and "i". As you can see, the Password Assistant instantly recognizes this as a dictionary word and alerts you in the Tips field, allowing you to modify your password to something a bit more secure.

Tags: General · Inspiration · usability
Apple's Obsession With Removing Buttons

It seems that as of late, Apple has been obsessed with removing buttons from their devices. They are acting like the crazy parents obsessed with removing all sharp corners from their house when they have a child. Was Steve Jobs attacked and injured as a child by a rogue button?
In the last two years Apple has been grooming consumers for a buttonless revolution. The iPhone, though it has buttons itself, focuses more on non-tactile usability. Earlier this year we saw the laptops go buttonless. Now the iPod Shuffle.
I personally did not care much for the buttonless laptop. I felt the system did not work as well and needed more time being tested for usability. Apple has always been on the forefront of design and usability, and being able to put them into the same package has always been a strong point for them. This time around I am not so sure. I know I would feel more comfortable recommending last year's model to someone purchasing a laptop for the first time.
The 3rd generation iPod announced today really makes me wonder if it's really necessary to reinvent the wheel. Unless, of course, you're making a better wheel. Maybe I am being quick to draw conclusions, as I have not actually seen the new iPod Shuffle, but let me point out a few things that I noticed right away. A few things that have me concerned about this product.
Why on earth would you take the buttons off of the device and put them on to the headphone cord? I don't know about you, but I personally think the earbuds are mediocre at best. The first thing I did when I got my iPod was buy some real headphones. Putting the controls on the cord just means that if you buy a Shuffle you have to stick to the earbuds supplied until third-party manufacturers catch up and ship an alternate product. No doubt you will have to pay a premium for them to boot. Do we really need another iPhone headphone debacle? Didn't we learn something from this, or do we need to do it all over again?
Tags: Design · Software · usability
Standing Against Auto-Focus Inputs
In the last few months I have read a number of articles from some major sites that appear to promote or advocate the use of an auto-focus input when a page loads as a "technique to improve your user interface". The technique usually relies on some form of onload event for the body tag to set the focus to a search field or a login field.
I will say right now this is not a good practice at all. Unless you're creating a site (or page) where the first task a user should take is to search for something or log in, this is a very bad thing to do. This technique is one that I would personally lump in an article more appropriately titled "10 things to kill your user interface designs".
Tags: Accessibility · usability
Don't Be A Bad JavaScript User
Let me start off by saying that this is not going to be a JavaScript bashing article. I don't hate JavaScript, in fact I really do like it a lot, although the title of this article may seem to the contrary. There are many JavaScript libraries that do really cool stuff. I love that many of these scripts enhance webpages without requiring the use of Flash.
The problem I have been encountering lately has more to do with the improper use or implementation of JavaScript. I think there is far too much whiz-bang stuff being added to many of today's modern websites without considering the impact on users. I feel it's important that before you add a script or a feature to your site you stop and ask yourself: Is this thing I am about to add to a site going to help my visitors or hurt them? Does it add any value for the user? Does it hurt them if it's not there? Will it only cause more confusion?
Rather than just talk about it, I have compiled a few video clips to help demonstrate some bad uses of JavaScript.
Tags: Accessibility · Code · usability
Mobile Web: Surfing The Web Distraction Free

A few weeks ago I downloaded the Myspace & Facebook apps for my iPhone. Not because I am overly active on either of those sites, but rather just curious about the apps. To my surprise I found them very enjoyable. Much more so than going to the actual website. Gone was the advertising, gone was the red and blue text on a black background, gone was the lame music that starts playing at full volume when I enter the page, each time I go to the profile page. (Urg! I hate that.) Also gone… Advertising, pop-ups, annoying Flash banners! Oh, yes, this is my kind of heaven! I actually found surfing these sites a pleasure once more.
The Epiphany
Checking out these apps a little closer, they appear to be accessing a mobile version of their sites, just made to look pretty and clean for the small browser. That's when it hit me. Hallelujah! Most every mobile version of a site can be accessed via your standard web browser. This means you can access ad free, distraction free, music free versions of your favorite sites online. You do not need a mobile phone to access many sites, just a normal web browser.
With the popularity of mobile phones increasing, most major sites offer mobile versions of their sites; the trick becomes finding the link or just guessing it. Most of the time it's just their regular domain name with a prefix of "mobile" or "m" instead of the "www". Some sites like Amazon make theirs a bit more tricky to find, and MSN does a redirect when trying to access their site on a non-mobile device, most likely to prevent people from circumventing their ad revenue. All in all it's not difficult to find these mobile versions once you know what to look for.
Links for Reference
Here are a few sites that I visit on a regular basis and have discovered that their mobile versions are better suited to a positive user experience and increased productivity over their full web versions.
- http://m.facebook.com
- http://m.myspace.com
- http://www.bbc.co.uk/mobile
- http://m.news.com
- http://m.cnn.com
- http://m.sacbee.com
- http://www.cbsmobile.com
- http://www.amazon.com/gp/aw
- http://m.youtube.com
- http://mobile.fandango.com
- http://m.netflix.com
- http://m.google.com
- http://us.m.yahoo.com
- http://weather.mobi
- http://m.wund.com
Feel free to leave a comment with links to your favorite mobile sites that you find useful.
Tags: General · usability
