So, let me get this straight. You want to LIMIT the number of characters I can have in my password. What, do the hamsters running on wheels to power your databases get tired?!


Taborder/form design FAIL.


Really? I thought we were past this. Like, back in 2007.


I was walking the dog and heard what I thought was an air raid siren, before I realized it was coming from my pocket. Thanks, Obama. Now I need to change my drawers.


I’m being punked, aren’t I? USAA, you’re fucking with me.


littlebigdetails:

Dropbox - Password strength is indicated by colored bars underneath the input field.
rammionline

UI that *doesn’t* suck – specifically, where they put the password strength bars. Doesn’t take up nearly as much room as most implementations I’ve seen.


Passwords are bad design - so what’s next?

Unless you’re a smartypants who’s been using KeePass or LastPass for years, you’ve probably written down a password. And if you have, it’s probably been in response to what you considered to be unnecessarily onerous password creation or maintenance requirements.

As someone who’s worked for HIPAA-compliant companies, I understand this. I really do. Hell, I’ve been locked out of my email while traveling for work because the hotel internet connection was too slow and the code from my SecurID fob expired before it finished submitting. But think about the recent security breaches that have hit the news and ask yourself how many were the result of a weak password, and how many were the result of human error caused by frustration with or inability to comply with strict security requirements.

Human error comes in many forms. The aforementioned password written on a post-it and stashed under a keyboard. The laptop filled with unencrypted PII and left on the passenger seat of a car.

When you make it too hard for people to play by the rules, they break them. This is true in the physical world as well as the digital one.

If you make it hard for someone to buy or rent movies online legally, they’ll pirate them. If you make it complicated for people to pay taxes, they just won’t.

After a series of accidents involving right-turning cars striking bicycles at a particular intersection in Portland, the city put up a barrier and signage prohibiting right turns. Instead, drivers must drive half a mile further, turn and wait at a light, drive half a mile *back* to the original intersection, and wait at a light to turn left. It should come as no surprise that some drivers break this onerous rule, with the expected consequences.

Introducing design friction in a way that puts the onus on the user to work around the system – rather than making the system work around the user – forces the user to do dangerous things.

As we look at the increasing overlap between our digital and physical worlds (locks, lights, and appliances controlled by the web and smartphones), the dangers become even greater. We need an answer that’s more than just a randomly generated password we’re only going to write down on a post-it. Whether it’s two-factor verification or biometric security, we need to do better.



In Praise of Ambiguity

When I was 21 and the fifteenth employee at a dot com startup in 1996, I thought the best way to fit in with my predominantly male coworkers was to be “one of the guys”. Because I’m a perfectionist, I strove to “out-guy” the guys by escalating their crude, offensive remarks. I thought it would earn me approval. Instead, I ended up feeling powerless when my expletive-laden, sexualized banter was met with responses that made me uncomfortable. Sometimes they were remarks that personalized the abstract acts we were joking about, sometimes they were physical advances.


When I read accounts of the PyCon debacle that claim Adria Richards has no grounds to complain about dongle jokes because she’s made similar jokes in the past, I think about my behavior in my 20s, and how maladapted it is to my career in my 30s. I think about how I believed I had to make a choice between being entirely one way (letting dick and fart jokes turn into rape and incest jokes) or entirely another (disconnected from my colleagues). Boundaries aren’t about having the door completely open or completely shut – they’re about finding a comfortable, consistent happy place where we can maintain mutually fulfilling relationships.


My challenge is to find that happy place, but I think everyone’s challenge is to accept that people are flawed, complex human beings who are going to have different boundaries than we do. Setting aside my feelings about her response, Adria is allowed to be offended by things that may seem inconsistent with her past behavior.


I’ve been reminded that as a woman working in tech, I don’t have to be a dichotomous screen onto which my colleagues project either “unassailable virgin” or “complicit whore”. I don’t have to be a caricature to be accepted. And regardless of what I’ve said or done in the past, I can call shenanigans when I need to.


So apparently QUOTES are “special” characters now. It’s called ESCAPE, Morgan Stanley. And you make me want to do it.