Tuesday, January 15, 2008

8 More Design Mistakes with Account Sign-in

Eight more design mistakes ...

Designing an account registration and sign-in process that doesn't frustrate users turns out to be very difficult to achieve. It looks easy at the outset, but a pile of subtleties can sneak up on your experience, making something that should be simple become stressful for the users.

In my recent article, I discussed eight common design mistakes with account sign-in. In this article, I outline eight additional mistakes we've seen as we watch users try to create accounts and sign into the site.
Mistake #9: Not Telling Users the Requirements for Username and Password Up Front

On the Cisco site, when selecting a User ID, users are told that it "must contain at least one letter and no spaces. May contain numbers." It's only after the user enters a six-letter user id that an error message appears amending the rules that the id must be "a length between 9 and 50 characters."

It's not clear why Cisco felt the need to surprise short-labeled users with this additional requirement. None of the users we tested were pleased to learn this additional information.

When creating a new Google Mail account, Google provides a "Check Availability" button, which will inform users about the minimum length requirement (6 characters). This is better than Cisco, in that the user isn't forced to fill out the entire page before discerning whether their desired account name is legal and open.

Blinksale does one better, giving feedback on every character typed. As the user enters an id, the design tells them it is too short or contains illegal characters.
Mistake #10: Requiring Stricter Password Requirements Than The NSA

We couldn't stop picking on Cisco without giving you one final peek into their registration process: the page explaining how to choose a password is two-and-a-half screens long. They don't want anyone buying golf balls under false pretenses.

Many people choose passwords based on the underlying importance of the information. They ask themselves, "How much trouble will I get into if this information gets out?" Several folks we talked to use a small number of passwords, each chosen for the underlying security.

The tougher the security policy, the more likely their regular passwords won't work. That will mean they need to create and remember a new password -- something that involves a lot of cognitive work (and probably not work they thought they'd have to sign up for). It's important that sites not go overboard with security requirements unless there's a lot of risk involved with a breach."    (Continued via UIE, Jared Spool)    [Usability Resources]


Post a Comment

<< Home

<< Home