Finger Trouble.
(Written: 29/08/2019, Updated: 04/12/2023)
Some days it really is just that simple.
I notice that a lot of ordinary people out there find our new, current, secure, post-quantum password policies really difficult to understand.
* Case-confusion,
* Letter-number confusion,
* Punctuation proliferation,
* Inadvertent reversals,
* Unexpected insertions,
* Never reusing a password,
* Remembering a different password for every account.
These, and more, are the delights awaiting those who dare to grapple with the password fields of today.
And, of course, to reduce shoulder surfing, our password fields usually display blobs instead of characters so you can't actually see the mistakes you are making.
After a few tries you assume the worst and request a password reset.
If the password reset takes a while to percolate through the server, further confusion arises.
A premium rate call to the support phone line can occupy more unfruitful hours. Unfruitful because the support technician can't see the details of your login interaction for security reasons and so can't really help you.
The pre-computer and pre-internet demographic is a large one.
Support phone lines must feel this pressure.
Today it turned out to be fairly simple.
Watching my customer typing his password I noticed some finger-slip. What I didnt notice was his too-early release of the shift key and his bracelet dragging on the keyboard.
There is no way to spot those things unless you are actually physically present.
Again, something that phone support can't help you with.
Full marks to BT for once, though. BT now provide a "Show" link to the right of their password field. Clicking and holding the mouse button on this link causes the password field to display it's characters instead of blobs. That's how we spotted some of the more fleeting mis-keyings.
The "gotcha!" moment came when I indicated the "Show" link to the customer only for him to tell me that he had seen it but had been ignoring it because he had no idea what it meant.
One word: Focus groups.
OK. That's two words.
If you noticed that, then I think I've made my point.
Some available solutions to these problems are:
* Password manager software, eg: LastPass,
* Biometric login, where that is supported,
* Writing down your accounts and passwords on paper.
I'm surprised how many people write down their passwords very accurately in a small paper diary. They then keep that diary locked in a safe place and only bring it out when necessary.
They usually even remember to update the diary when they change their passwords. Personally I think this is an excellent security policy.
To be extra secure, though, they rarely write down which accounts their passwords are for.
This provides then with the assurance of almost perfect data security. It does mean, however, that they can never find the password that they want and, these days, after 3 login failures their accounts get frozen.
Hmm.
Today, though, I felt that warm glow of seeing someone learn one new fact that will make their life immeasurably better.
And I'm smiling now just thinking about it.
See you soon, J.
(Written: 29/08/2019, Updated: 04/12/2023)
Some days it really is just that simple.
I notice that a lot of ordinary people out there find our new, current, secure, post-quantum password policies really difficult to understand.
* Case-confusion,
* Letter-number confusion,
* Punctuation proliferation,
* Inadvertent reversals,
* Unexpected insertions,
* Never reusing a password,
* Remembering a different password for every account.
These, and more, are the delights awaiting those who dare to grapple with the password fields of today.
And, of course, to reduce shoulder surfing, our password fields usually display blobs instead of characters so you can't actually see the mistakes you are making.
After a few tries you assume the worst and request a password reset.
If the password reset takes a while to percolate through the server, further confusion arises.
A premium rate call to the support phone line can occupy more unfruitful hours. Unfruitful because the support technician can't see the details of your login interaction for security reasons and so can't really help you.
The pre-computer and pre-internet demographic is a large one.
Support phone lines must feel this pressure.
Today it turned out to be fairly simple.
Watching my customer typing his password I noticed some finger-slip. What I didnt notice was his too-early release of the shift key and his bracelet dragging on the keyboard.
There is no way to spot those things unless you are actually physically present.
Again, something that phone support can't help you with.
Full marks to BT for once, though. BT now provide a "Show" link to the right of their password field. Clicking and holding the mouse button on this link causes the password field to display it's characters instead of blobs. That's how we spotted some of the more fleeting mis-keyings.
The "gotcha!" moment came when I indicated the "Show" link to the customer only for him to tell me that he had seen it but had been ignoring it because he had no idea what it meant.
One word: Focus groups.
OK. That's two words.
If you noticed that, then I think I've made my point.
Some available solutions to these problems are:
* Password manager software, eg: LastPass,
* Biometric login, where that is supported,
* Writing down your accounts and passwords on paper.
I'm surprised how many people write down their passwords very accurately in a small paper diary. They then keep that diary locked in a safe place and only bring it out when necessary.
They usually even remember to update the diary when they change their passwords. Personally I think this is an excellent security policy.
To be extra secure, though, they rarely write down which accounts their passwords are for.
This provides then with the assurance of almost perfect data security. It does mean, however, that they can never find the password that they want and, these days, after 3 login failures their accounts get frozen.
Hmm.
Today, though, I felt that warm glow of seeing someone learn one new fact that will make their life immeasurably better.
And I'm smiling now just thinking about it.
See you soon, J.