This is a great walkthough of making a common form pattern accessible. No complex code here: some HTML is all that’s needed.
Monday, March 23rd, 2020
Wednesday, January 16th, 2019
Exactly what it sounds like: a checklist of measures you can take to protect yourself.
Most of these require a certain level of tech-savviness, which is a real shame. On the other hand, some of them are entirely about awareness.
Tuesday, August 7th, 2018
Inclusive design is also future-proofing technology for everyone. Swan noted that many more developers and designers are considering accessibility issues as they age and encounter poor eyesight or other impairments.
Tuesday, June 12th, 2018
I’ve been wondering about this for quite a while: surely demanding specific patterns in a password (e.g. can’t be all lowercase, must include at least one number, etc.) makes it easier to crack them, right? I mean, you’re basically providing a ruleset for brute-forcing.
Turns out, yes. That’s exactly right.
When employees are faced with this requirement, they tend to:
- Choose a dictionary word or a name
- Make the first character uppercase
- Add a number at the end, and/or an exclamation point
If we know that is a common pattern, then we know where to start…
Thursday, March 29th, 2018
The answers to these questions about forms are useful for just about any website:
- Is It OK To Place A Form In Two Columns?
- Where Should Labels Be Placed?
- Can We Use Placeholder Text Instead Of A Label?
- How To Lessen The Cognitive Load Of A Form?
- Are Buttons Considered Part Of A Form’s UX?
- Is It Possible To Ease The Process Of Filling A Form?
- Does The User’s Location Influence A Form’s UX?
Friday, March 10th, 2017
And here’s another reason why password rules are bullshit: you’re basically giving a list of instructions to hackers—the password rules help them narrow down the strings they need to brute force.
Thursday, January 19th, 2017
Ever been on one of those websites that doesn’t allow you to paste into the password field? Frustrating, isn’t it? (Especially if you use a password manager.)
It turns out that nobody knows how this ever started. It’s like a cargo cult without any cargo.
Wednesday, December 7th, 2016
This is a wonderful service! Handcrafted artisanal passwords made with a tried and trusted technique:
You roll a die 5 times and write down each number. Then you look up the resulting five-digit number in the Diceware dictionary, which contains a numbered list of short words.
That’s the description from the site’s creator, Mira:
Please keep in mind when ordering that I am a full-time sixth grade student with a lot of homework.
She’s the daughter of Julia Angwin, author of Dragnet Nation.
Wednesday, January 28th, 2015
Luke continues to tilt against the windmills of the security theatre inertia that still has us hiding passwords by default. As ever, he’s got the data to back up his findings.
Wednesday, December 3rd, 2014
A fascinating look at how the humble password gets imbued with incredible levels of meaning.
It reminds me of something I heard Ze Frank say last year: “People fill up the cracks with intimacy.”
Wednesday, November 7th, 2012
I concur completely with Luke’s assessment here. Most password-masking on the web is just security theatre. Displaying password inputs by default (but with an option to hide) should be the norm.
Tuesday, June 12th, 2012
Neal Stephenson would like your help in making a video game about sword-fighting that doesn’t suck.
Monday, December 20th, 2010
A fascinating explanation of why Instapaper is migrating away from its passwordless sign-up.