Skip navigation

user experience

warning: Creating default object from empty value in /var/www/vhosts/ on line 33.
Original author: 
Casey Johnston

Few Internet frustrations are so familiar as the password restriction. After creating a few (dozen) logins for all our Web presences, the use of symbols, mixed cases, and numbers seems less like a security measure and more like a torture device when it comes to remembering a complex password on a little-used site. But at least that variety of characters keeps you safe, right? As it turns out, there is some contrary research that supports both how frustrating these restrictions are and suggests it’s possible that the positive effect of complexity rules on security may not be as great as long length requirements.

Let's preface this with a reminder: the conventional wisdom is that complexity trumps length every time, and this notion is overwhelmingly true. Every security expert will tell you that “Supercalifragilistic” is less secure than “gj7B!!!bhrdc.” Few password creation schemes will render any password uncrackable, but in general, length does less to guard against crackability than complexity.

A password is not immune from cracking simply by virtue of being long—44,991 passwords recovered from a dump of LinkedIn hashes last year were 16 characters or more. The research we describe below refers specifically to the effects of restrictions placed by administrators on password construction on their crackability. By no means does it suggest that a long password is, by default, more secure than a complex one.

Read 13 remaining paragraphs | Comments

Your rating: None
Original author: 
Cesar Torres

Tumblr Creative Director Peter Vidani

Cesar Torres

New York City noise blares right outside Tumblr’s office in the Flat Iron District in Manhattan. Once inside, the headquarters hum with a quiet intensity. I am surrounded by four dogs that employees have brought to the workspace today. Apparently, there are even more dogs lurking somewhere behind the perpendicular rows of desks. What makes the whole thing even spookier is that these dogs don’t bark or growl. It’s like someone’s told them that there are developers and designers at work, and somehow they’ve taken the cue.

I’m here to see Tumblr’s Creative Director Peter Vidani who is going to pull the curtain back on the design process and user experience at Tumblr. And when I say design process, I don’t just mean color schemes or typefaces. I am here to see the process of interaction design: how the team at Tumblr comes up with ideas for the user interface on its website and its mobile apps. I want to find out how those ideas are shaped into a final product by their engineering team.

Back in May, Yahoo announced it was acquiring Tumblr for $1.1 billion. Yahoo indicated that Tumblr would continue to operate independently, though we will probably see a lot of content crossover between the millions of blog posts hosted by Tumblr and Yahoo’s search engine technology. It’s a little known fact that Yahoo has provided some useful tools for UX professionals and developers over the years through their Design Pattern Library, which shares some of Yahoo’s most successful and time-tested UI touches and interactions with Web developers. It’s probably too early to tell if Tumblr’s UI elements will filter back into these libraries. In the meantime, I talked to Vidani about how Tumblr UI features come to life.

Read 9 remaining paragraphs | Comments

Your rating: None

“In architecture it isn’t enough to just have the right building that works well. It can also be beautiful. It can also be different. It can create surprise. And surprise is the main thing in a work of art. […] I like and respect Brasília very much. It is a simple city, a rational one. I always defend the urban design of Brasília”- Oscar Niemeyer (Architect of Brasília’s Cathederal).

A charming quote, made even more interesting by this biting counterpoint from Architect and Human-Centred Urban Quality Consultant Jan Gehl:

“Brasília was the ultimate modernistic city, built on all the ideas of the modernistic manifests. It looks fantastic from the airplane. But if you are down at eye level, on your feet and going from one place to another, Brasília is a disaster. Every distance is too wide. Things are not connected. You have to trample for endless miles along completely straight paths. Nobody ever started to think about what it would be like to be out in Brasília in between all these monuments.”

Jan explains: “As far as I am concerned, the people scale is THE important scale of all of them. We have the city plan scale, the site plan scale and the people scale. And definitely the people scale, where you touch the city, and where you touch the buildings – that’s what counts for quality. […] I find it striking that the quality of the urban habitat of homo sapiens is so weakly researched compared to the habitat of mountain gorillas and bengal tigers and panda bears in China.”

At Clearleft we often talk about what happens when you design at the wrong level of zoom. Dribbble, for example, encourages you to focus in on a 400×300 pixel rectangle, so you end up with something beautiful that has no bearing on the real user experience. It’s easy to marvel at the theoretical perfection of your work but ultimately it’s not your judgement that matters. The end users – the citizens who has to live in your streets – these are the people who determine its success.

The video clip above is from Gary Hustwit’s Urbanized, which you can now watch online for just $3.99. Highly recommended.

Related posts:

  1. Dave Meslin on designing for intentional exclusion

Your rating: None

"The $300 Million Button," Jared Spool's 2009 article on usability and ecommerce design, is remarkable in that it a) articulates something that anyone who shops widely online already knows; b) is advice that would make a lot of money for sites if they adopted it; c) has been part of the literature for at least two and a half years; d) is roundly ignored.

Spool is recounting the story of an unnamed large ecommerce retailer who had one of those forms that made you register before you could buy anything, and to remember your login and password before you could shop there again. Removing this form, and allowing the option of saving your details with a login and password at the end of the transaction, increased the retailer's sales by $300,000,000 in the first year.

From a commerce perspective, the Internet's glory is reduced search costs for customers. When I was making my office coffee table, I decided I wanted to source some brightly colored anodized aluminum bolts, nuts and washers. I'd never bought these before, but I assumed they existed, and I was right -- a couple searches showed me that they existed and were sold to motorcycle modders. I found a site that supplied them, and ordered sixteen of each, plus some spares. It was the first time in 39-some years I'd needed brightly colored bolts, and it may very well be that long again before I need any more.

So while this specialist bolt retailer is visible to motorcyle hobbyists and can compete for their repeat business with other specialists, they're also tapping into a market to whom they were entirely invisible until the net came along. Periodically, someone like me is going to drop in and spend some money on a one-off basis, and make windfall cash for them. There are a lot of people who, at some time in their lives, want to buy some specialized component or good. Before the Internet came along, we'd likely have just got the non-specialized equivalent. But because of the Internet, businesses all over the world are getting sales from the unlikeliest of corners. And what's more, some of those one-time only customers might discover that they actually really enjoy whatever the specialist thing is, and come back for more. It's win-win.

But the fastest way to alienate those customers and scare away that free money is to make its owner establish a relationship with you before s/he can make a purchase. In the case of the company that sold me my bolts, I was required to create a login and password, and I still get a fortnightly newsletter full of information I don't care to know about bolts (I checked all the opt-out bits, but either I missed one or they just don't pay attention to it).

Spool's research showed that a substantial portion of ecommerce users are even more sick of this stuff than I am -- $300 million/year's worth, in fact. And what's more, of the repeat customers who might have benefited from the faster checkout afforded by creating an account, 45 percent had multiple accounts in the system because they'd forgotten their logins, lost access to the email accounts they'd used, and signed up again with a new address.

Repeat customers weren't any happier. Except for a very few who remembered their login information, most stumbled on the form. They couldn't remember the email address or password they used. Remembering which email address they registered with was problematic - many had multiple email addresses or had changed them over the years.

When a shopper couldn't remember the email address and password, they'd attempt at guessing what it could be multiple times. These guesses rarely succeeded. Some would eventually ask the site to send the password to their email address, which is a problem if you can't remember which email address you initially registered with.

(Later, we did an analysis of the retailer's database, only to discover 45% of all customers had multiple registrations in the system, some as many as 10. We also analyzed how many people requested passwords, to find out it reached about 160,000 per day. 75% of these people never tried to complete the purchase once requested.)

The form, intended to make shopping easier, turned out to only help a small percentage of the customers who encountered it. (Even many of those customers weren't helped, since it took just as much effort to update any incorrect information, such as changed addresses or new credit cards.) Instead, the form just prevented sales - a lot of sales.

The $300 Million Button

(via Beth Pratt)

Your rating: None