I rather like the reminder question and answer that users write
themselves as a first measure after the first failed login attempt...
I also like, in the event of a subsequent failure, the "we'll email
you a link to reset your password" approach, which, combined with IP
logging and the series of identity verification questions (e.g.,
mother's maiden name, street lived on when born, etc.) works well
without compromising too much. Correct answers to even more
verification questions could allow the user to specify a new email
address (but not preclude a warning/notice message to the old address,
of course) in the event they no longer have access to the email
account used when they set up an account on your system.
I don't like using phone numbers and such for verification questions
(well, for anything other than banking and the like) because it's
dependent upon keeping the account up to date (and you generally do
keep these up to date).. otherwise you have to remember what phone
number you used (did I use my work number, and if so which one -- I
have three.) Same goes for street address and the like. your favorite
color can change over time. the name of your first pet, or street your
parents lived on when you were born won't.
.02
On Oct 24, 2008, at 6:20 AM, Jeff Garbers wrote:
On Oct 24, 2008, at 8:36 AM, JimH wrote:
.. I find it so irritating when sites don't tell the rules (and
they're all different) until after your first or second attempt
violates them!
I'd like to add an appeal for password requirements to appear after a
failed logon attempt, not just when changing or entering a new
password. Letting users know those requirements may help them
remember a forced variation on a password they usually use. Not that
I'd ever use the same password on more than one system, of course, but
I hear that *some people* do that...!
________________________________________________________________
Welcome to the Interaction Design Association (IxDA)!
To post to this list ....... [EMAIL PROTECTED]
Unsubscribe ................ http://www.ixda.org/unsubscribe
List Guidelines ............ http://www.ixda.org/guidelines
List Help .................. http://www.ixda.org/help
________________________________________________________________
Welcome to the Interaction Design Association (IxDA)!
To post to this list ....... [EMAIL PROTECTED]
Unsubscribe ................ http://www.ixda.org/unsubscribe
List Guidelines ............ http://www.ixda.org/guidelines
List Help .................. http://www.ixda.org/help