Friday, November 11, 2011

Open Letter to Web Site Developers

Dear Web Site Developer (or misguided management):

Please don't do any of these things on your web sites:
  1. Ask me to enter my email address twice.
  2. Tell me what characters I can and can't use in my password.
  3. Time out my sessions for my own protection.
  4. Make me change my password every so often.
  5. Make every field in your form *required.
  6. Make it impossible for me to change my email address.
  7. Insist that I provide you with a security question and answer.
I know how to type my email address and I know more about how to create a secure password than you do, and I do not forget my passwords. You have meetings where you talk about "reducing friction" for people to join your sites. You create friction every time I log in, not just when I sign up.

If you are a bank, and your page times out after 5 minutes and I have to log in AGAIN, inside my highly secure physical location with no possible access to my computer by anyone but me ... are you protecting me, or irritating me?

Glenn Reid


Jon said...

I wish you worked here. In my situation, it's not the developers that are imposing these requirements, it's misguided "business" requirements.

John said...

My fave is sites that require a facebook account to log in or even just leave a comment!