I’m being punked, aren’t I? USAA, you’re fucking with me.
your ui sucks
I’m being punked, aren’t I? USAA, you’re fucking with me.
Dropbox - Password strength is indicated by colored bars underneath the input field.
UI that *doesn’t* suck – specifically, where they put the password strength bars. Doesn’t take up nearly as much room as most implementations I’ve seen.
Unless you’re a smartypants who’s been using KeepPass or LastPass for years, you’ve probably written down a password. And if you have, it’s probably been in response to what you considered to be unnecessarily onerous password creation or maintenance requirements.
As someone who’s worked for HIPAA-compliant companies, I understand this. I really do. Hell, I’ve been locked out of my email while traveling for work because the hotel internet connection was too slow and the code from my SecurID fob expired before it finished submitting. But think about the recent security breaches that have hit the news and ask yourself how many were the result of a weak password, and how many were the result of human error caused by frustration with or inability to comply with strict security requirements.
Human error comes in many forms. The aforementioned password written on a post-it and stashed under a keyboard. The laptop filled with unencrypted PII and left on the passenger seat of a car.
When you make it too hard for people to play by the rules, they break them. This is true in the physical world as well as the digital one.
If you make it hard for someone to buy or rent movies online legally, they’ll pirate them. If you make it complicated for people to pay taxes, they just won’t.
After a series of accidents involving right-turning cars striking bicycles at a particular intersection in Portland, the city put up a barrier and signage prohibiting right turns. Instead, drivers must drive half a mile further, turn and wait at a light, drive half a mile *back* to the original intersection, and wait at a light to turn left. It should come as no surprise that some drivers break this onerous rule, with the expected consequences.
Introducing design friction in a way that puts the onus on the user to work around the system – rather than making the system work around the user – forces the user to do dangerous things.
As we look at the increasing overlap between our digital and physical worlds (locks, lights, and appliances controlled by the web and smartphones), the dangers become even greater. We need an answer that’s more than just a randomly generated password we’re only going to write down on a post-it. Whether it’s two-factor verification or biometric security, we need to do better.
When I was 21 and the fifteenth employee at a dot com startup in 1996, I thought the best way to fit in with my predominantly male coworkers was to be “one of the guys”. Because I’m a perfectionist, I strove to “out-guy” the guys by escalating their crude, offensive remarks. I thought it would earn me approval. Instead, I ended up feeling powerless when my expletive-laden, sexualized banter was met with responses that made me uncomfortable. Sometimes they were remarks that personalized the abstract acts we were joking about, sometimes they were physical advances.
When I read accounts of the PyCon debacle that claim Adria Richards has no grounds to complain about dongle jokes because she’s made similar jokes in the past, I think about my behavior in my 20s, and how maladapted it is to my career in my 30s. I think about how I believed I had to make a choice between being entirely one way (letting dick and fart jokes turn into rape and incest jokes) or entirely another (disconnected from my colleagues). Boundaries aren’t about having the door completely open or completely shut – they’re about finding a comfortable, consistent happy place where we can maintain mutually fulfilling relationships.
My challenge is to find that happy place, but I think everyone’s challenge is to accept that people are flawed, complex human beings who are going to have different boundaries than we do. Setting aside my feelings about her response, Adria is allowed to be offended by things that may seem inconsistent with her past behavior.
I’ve been reminded that as a woman working in tech, I don’t have to be a dichotomous screen onto which my colleagues project either “unassailable virgin” or “complicit whore”. I don’t have to be a caricature to be accepted. And regardless of what I’ve said or done in the past, I can call shenanigans when I need to.
So apparently QUOTES are “special” characters now. It’s called ESCAPE, Morgan Stanley. And you make me want to do it.
Seriously, people. I thought we covered this, oh, back in 1997. Really, this page? It’s called a:visited, motherfucker, do you speak it?
So, how many ways is this wrongity wrong wrong?
what is this i don’t even
Luke Wroblewski talks about “forgiving inputs” in form design – allowing the user a little wiggle room in what format she wants to enter data.
I was immediately reminded of this yesterday as I was filling out an application for a creative staffing agency (I know, but a girl’s dog has to eat). I was asked to enter dates for past employment using a text input field and a calendar widget. I bypassed the calendar widget and entered MM/YY values, only to see an error on form submit that MM/DD/YYYY was required. Because I’m a lazy bastard and barely skim text, including error messages, I corrected to MM/DD/YY, only to be told that the year needed to be FOUR digits. Sigh.
So, the first problem here is validation – inline validation is dead easy to do, and it saves the user so much time and frustration. There’s really no excuse not to use it.
The second problem is how unforgiving the date entry fields were. Why can’t you append the “20” onto the “12” I submitted? Do you REALLY think I worked for that tech company in 1912?
Lastly, there’s the issue of function. I entered what seems standard for a resume – the month and year – and was told the date was required. I don’t know the date of my last period (much to my doctor’s chagrin), much less the date of a gig I finished a year ago. What value does the date have to the contract agency, other than perhaps forcing me to prove how desperate I am for work by scrabbling through old invoices and check stubs to forensically determine the EXACT dates of my employment?
In this case, asking for an exact date serves no purpose, and is inconsistent with standard practice for the closest analog, a resume. Don’t ask for information you don’t need. It just adds to the user’s burden and encourages her to bail or – in my case – enter completely made up data.
Side note: bad UI design by a creative staffing agency is kind of like a misspelled online personals ad – I’ll still meet you for coffee, but you’re going to have some work to do to overcome a bad first impression. Also, you’re buying the coffee.