June 27th, 2008
by Kristof

Aral Balkan wrote this little rant on's "forgot password" procedure.

I always use strong passwords. A mix of symbols, numbers and letters ensures the safety of my account. I even have a human algorithm to create different passwords for each website. Unfortunately, for the algorithm to work, the password always requires symbols, numbers and letters.

Cue websites that enforce password constraints. I don't know why websites insist on enforcing rules on passwords. If your user wants an easy password, then it's up to him. You can always tell him how low-security passwords pose a threat to his privacy, but in the end he will not care. If you enforce constraints, he will probably only write down the password on a sticky piece of paper and stick it to his office monitor.

Even worse is the scenario that I encounter quite frequently lately. Upon registration, I enter my password which, for didactic purposes, is doogietitia+0, and I get an error message which says the following.

Your password must contain at least 1 number or symbol

As it pops up in more than 1 website, I'm sure that somewhere there's a free password checker that everyone is using and hasn't checked properly. Websites that I remember to have this problem:

  •, a T-Mobile brand
  •, a VISA card issuer

ISCards support was extremely frustrating. "Yes sir, we have had a few more complaints about this, but we can't do anything about it. We have reported it but it's not likely that it will be fixed soon". For F's sake, you're a financial institution and you have my credit card statements available online!
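An added example, not code from any of the sites mentioned (the post does not say what their checker does wrong): one way to implement the quoted rule so that a password like doogietitia+0 is accepted, with a small regression set a site could run before shipping a checker. The names classify, meets_rule and self_test and the sample passwords other than the one in the post are constructed for illustration.

```python
import unicodedata


def classify(password: str) -> dict:
    """Count character kinds by Unicode category instead of an ASCII whitelist."""
    counts = {"letter": 0, "number": 0, "symbol": 0, "other": 0}
    for ch in password:
        cat = unicodedata.category(ch)
        if cat.startswith("L"):
            counts["letter"] += 1
        elif cat.startswith("N"):
            counts["number"] += 1
        elif cat.startswith(("P", "S")):
            counts["symbol"] += 1      # punctuation and symbols, '+' included
        else:
            counts["other"] += 1       # whitespace, control characters, marks
    return counts


def meets_rule(password: str) -> bool:
    """The rule from the error message: at least 1 number or symbol."""
    counts = classify(password)
    return counts["number"] + counts["symbol"] >= 1


# Constructed regression cases: password -> whether the rule should accept it.
CASES = {
    "doogietitia+0": True,    # the password from the post
    "doogietitia+": True,     # symbol only
    "doogietitia0": True,     # number only
    "doogietitia": False,     # letters only
    "doogie titia": False,    # a space is neither a number nor a symbol
    "pässwörd": False,        # non-ASCII letters are still letters
    "pässwörd!": True,
}


def self_test(checker) -> list:
    """Return the passwords for which a checker disagrees with CASES."""
    return [pw for pw, expected in CASES.items() if checker(pw) != expected]


if __name__ == "__main__":
    print(classify("doogietitia+0"))
    print("misjudged:", self_test(meets_rule))
```

Any replacement checker can be passed to self_test to see which of these cases it misjudges.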
