Tags: password

LukeW | Mobile Design Details: Hide/Show Passwords

I concur completely with Luke’s assessment here. Most password-masking on the web is just security theatre. Displaying password inputs by default (but with an option to hide) should be the norm.

NoPassword

I like this passwordless log in pattern but only for specific use cases: when you know that the user has access to email, and when you don’t expect repeat “snacking” visits throughout the day.

The Perpetual, Invisible Window Into Your Gmail Inbox - Waxy.org

Andy sounds a cautionary note: the password anti-pattern may be dying, but OAuth permission-granting shouldn’t be blasé. This is why granular permissions are so important.

Authentical: Random factoids I’ve encountered in authentication user research so far

Dana has put together an excellent grab-bag of data on people’s password habits.

Requiring email and passwords for new accounts - Instapaper Blog

A fascinating explanation of why Instapaper is migrating away from its passwordless sign-up.

Web 2.0 Suicide Machine - Meet your Real Neighbours again! - Sign out forever!

A quick way of leaving Facebook, Twitter, LinkedIn and MySpace. It uses the password anti-pattern but after using this, I guess you won't be needing that password again.

Chroma-Hash Demo

Another interesting take on assigning a visual clue to password fields.

arc90 lab : experiments : HashMask - Another (More Secure!) Experiment in Password Masking

Here's an interesting idea: generating a sparkline when you input a password ...familiarity with the generated sparkline acts as a visual aid to the user.

Twitter Status - Phishing scam

And this, boys and girls, is why the password anti-pattern is bad, m'kay?

Don't Give Your Account Passwords Away, a Mission on PMOG

A PMOG mission where players learn about the password anti-pattern.

Twitter Status - Don't Click That Link!

Twitter's promotion of the password anti-pattern bites them on the ass.

Twitter AWESOMENESS!!!

View source.

FatBusinessman.com : On Authentication

David has written an excellent comparison of the two differing mindsets when approaching online authentication. In no uncertain terms, OAuth (or an OAuth style authentication) is right and the password anti-pattern is wrong, wrong, wrong.

Facebook Security Advice: Never Ever Enter Your Passwords On Another Site, Unless We Ask You To

I never thought I'd find myself linking to and agreeing with a post on TechC*nt but it's good to see somebody pointing out Facebook's hypocrisy with using the password anti-pattern.

Linux.com :: OpenID gets the third degree at OSCON

A good overview of the OpenID panel at OSCON: "Is OpenID a panacea, a placebo, or something in between? Opposing viewpoints took turns on center stage Wednesday afternoon at OSCON 2008. The session entitled "A Critical View of OpenID" started off …

Mickipedia » Blog Archive » Social Networking Fatigue. I has it.

Good Reads is responsible for one of the most egregious abuses of trust — using the password anti-pattern to spam your address book. Micki has the details.

Coding Horror: Please Give Us Your Email Password

An excellent rant by Jeff Atwood that explains just why the password anti-pattern is such an abhorrent practice: "How did we end up in a world where it's even remotely acceptable to ask for someone's email credentials?"

Yahoo! Address Book API - YDN

You can now use an API (with BBAuth) to get Yahoo account contact details. There really is no excuse now for still using the password anti-pattern.

Flickr: Find your friends

Now this is how to do the "find your friends" trick. For GMail, Yahoo Mail, and Hotmail, Flickr never once asks for your password. Bravo!

Spokeo? More like Spooky-o; bad practice taken to the extreme. at Aral Balkan

Aral points to what is possibly the most egregious password anti-pattern implementation yet: a new startup called Spokeo http://www.spokeo.com/public/join

Coding Horror: A Question of Programming Ethics

A cautionary tale that explains just why the password anti-pattern needs to die. Coding horror indeed: in this case, 1,777 GMail accounts were compromised.

disambiguity - » Design Ethics - Encouraging responsible behaviour

Leisa joins in on the password anti-pattern. As she says, this is a question of ethics. I've already made my position clear to my colleagues and clients. Have you?

Bug 330884 - When different users on one system choose to save or not save passwords for sites, any other user can see sites they not only saved passwords for but can also see what other users have been saving/never saving passwords for.

The guy who submitted this Mozilla bug writes "This privacy flaw has caused my fiancé and I to break-up after having dated for 5 years."