Aral Balkan wrote this little rant on del.icio.us's "forgot password" procedure.

I always use strong passwords. A mix of symbols, numbers and letters ensure the safety of my account. I even have a human algorythm to create different passwords for each website. Unfortunately, for the algorythm to work, the password always requires symbols, numbers and letters.

Cue website that enforce password constraints. I don't know why websites insist on enforcing rules on passwords. If your user wants an easy password, then it's up to him. You can always tell him how low-security passwords pose a threat to his privacy, but in the end he will not care. If you enforce constraints, he will probably only write down the password on a sticky piece of paper and stick it to his office monitor.

Even worse is the scenario that I encounter quite frequently as of lately. Upon registration, I enter my password which, for didactical purposes, is doogietitia+0, and I get an error message which says the following.

Your password must contain at least 1 number or symbol

As it pops up in more than 1 website, I'm sure that somewhere there's a free password checker that everyone is using and haven't checked properly. Websites that I remember to have this problem:

• ben.nl, a T-Mobile brand
• iscards.nl, a VISA card issuer

ISCards support was extremely frustrating. "Yes sir, we have had a few more complaints about this, but we can't do anything about it. We have reported it but it's not likely that it will be fixed soon". For F's sake, you're a financial institution and you have my credit card statements available online!

This entry was posted on Friday, June 27th, 2008 at 03:35 and is filed under Selfish, UI & Usability. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.