Usability – Alex Ivaylov – a web developer (http://www.alex.bg), Alex BG Web Developer Blog, feed last built Sat, 10 Aug 2024 13:17:17 +0000

about passwords and web security in general
http://www.alex.bg/2011/06/about-security-on-the-web/ (Thu, 30 Jun 2011 12:57:00 +0000)

The topic of passwords never gets old. A password is the unique string which a user has to enter into a web site so that the site’s system knows who the user is. But you already know that, of course.

In the beginning passwords could be anything from just a single letter to 20 characters. Then password policies got a little stricter and most websites required at least 4 characters; later the minimum was raised to 6 characters. In the last few years some websites have raised the minimum to 8 characters, and others have added further requirements such as having both upper and lower case characters and numbers in the password.

That’s all good and it is going in the right direction; however, users are not happy with it at all. A lot of users get so frustrated when they try to register on a website and are asked to change their password and add numbers to it that they simply don’t bother. That way the website owner loses visitors/customers and, as a result, loses money and website reputation.

Back in the day passwords could be just anything, because there were not so many of them and even if accounts were hacked it wasn’t that critical: there weren’t that many e-commerce websites or other things involving money. The only thing people used which could be hacked was email, and usually there was just spam in it, which wasn’t valuable.

Nowadays, passwords can’t be just words. The web is worldwide, and that includes all the dodgy places (such as Nigeria), which means that bad people from across the world (some of you may call them “hackers”, but “crackers” would be more suitable in my opinion) could make an attempt to log in as you and access your money or other valuable information. The attempt is more likely to succeed if your password was just a word. If your password matched the new policies (having lowercase, uppercase, numbers, etc.), it is less likely that the Nigerians would get access to your money.

Modern crackers are not sitting down and manually trying each word that comes to mind. It’s easier for them to write a program which tries thousands of different words automatically until it finds the right one. With thousands of crackers each trying thousands of words, it is very likely that you will get hacked if you used something like “health” as your password.

To give you an idea of the strength of passwords nowadays, let’s look at an analysis of the recently hacked Sony accounts:

An analysis by security researcher Troy Hunt revealed that two-thirds of users with accounts at both Sony and Gawker used the same password on both sites... Half the password sample from the Sony hack used only one character type and only one in a hundred passwords used a non-alphanumeric character, much the same as revealed by the earlier Gawker hack. Only 4 per cent of these passwords had three or more character types.

Read the complete analysis here.

So this means that the crackers are currently way ahead of users. If one of those users with a weak password becomes the target of an experienced cracker, it is just a matter of time before the cracker gains illegal access.

If something like that happens, legally it is entirely the user’s fault for using that weak password, and the website can’t be held liable for any damages. The users don’t know that; they think that if something happens it’s the website’s fault, not theirs. They want their data, money, etc. to be secure, but at the same time they also want to use “1234” as a password. That is the problem.

Possible solutions to this problem are universal cross-website online identities such as OpenID. However, they are still not bulletproof.

Another problem is that even complex passwords will not be that secure in the near future, with crackers improving and using faster and faster software (some of which runs on graphics cards) with more and more words in their databases.

In my opinion the whole username/password login model must change in the future, because it will soon be useless. I don’t know what we should use instead. We can’t rely on low-level limits (such as tying a user to an IP address) because we live in the mobile age, where mobile phones change their IP address every time they register on a new cell.

I can’t think of a better identification mechanism. Can you?

About usability
http://www.alex.bg/2010/02/about-usability/ (Tue, 09 Feb 2010 07:30:40 +0000)

Usability is a term used to denote the ease with which people can employ a particular tool to achieve their goals. In User Interface design, usability is the clarity with which the interaction with a computer product is designed.

Main points of usability are:

  • Ease of learning
  • Efficiency of use
  • Memorability
  • Error frequency and severity
  • Subjective satisfaction

In this category, I will be writing about usability, related to my cinema kiosk interface prototype:

Click here to open the Kiosk prototype

Heuristics: 1. Visibility of system status
http://www.alex.bg/2010/02/visibility-of-system-status/ (Tue, 09 Feb 2010 06:15:29 +0000)

It is important that every software product keeps the user informed about what the system is doing at every moment. It must be clear whether the system is doing something or whether it is waiting for the user to make a choice.

All this has been taken into consideration when designing the Atro kiosk interface, and the user is given clear instructions on whether they have to click something or wait for the system to do something.

Heuristics: 2. Match between system and the real world
http://www.alex.bg/2010/02/heuristics-2-match-between-system-and-the-real-world/ (Tue, 09 Feb 2010 05:56:58 +0000)

The logic and the way people see the Atro cinema kiosk system’s interface is pretty much the same as if they were purchasing tickets from a salesman:
a. They indicate their interest by clicking on the screen (the same as if they started a conversation with the salesman).
b. They see a list of movies (the same as if a person told them the current movies) OR they collect reserved tickets (the same as if they asked a real person for them).
c. They choose ticket options (projection and quantity) the same way as if a real person asked them for the projection and the quantity.
d. They pay by cash or card in the same way as if they were paying a real person.

The main purpose of the kiosk is to replace the sales person.

Heuristics: 3. User control and freedom
http://www.alex.bg/2010/02/heuristics-3-user-control-and-freedom/ (Tue, 09 Feb 2010 04:02:34 +0000)

Users should be able to go back if they choose the wrong option or if they make a mistake in their choices when using the system.

At the moment, this is only partly implemented, while the user is viewing the movies on show.

This has not been completely implemented into the prototype, but will be in the final product.

Heuristics: 4. Consistency and standards
http://www.alex.bg/2010/02/heuristics-4-consistency-and-standards/ (Tue, 09 Feb 2010 03:07:03 +0000)

  • The system is standard. It is similar to all other cinema kiosks.
  • It is similar to other systems, which the user has probably already used.
  • The system is nearly the same as the self-checkout machines in the big supermarkets, which more than 80% of the people have used.
  • The system is similar to a cash machine, which more than 95% of the people have used.
  • The system is consistent. The element positions, colours, texts, controls, etc. do not randomly change as the screen changes.
  • Once, the user starts using the system, the elements are at the place, where he would expect them on the next screen.
Heuristics: 5. Error prevention
http://www.alex.bg/2010/02/heuristics-5-error-prevention/ (Tue, 09 Feb 2010 02:29:44 +0000)

Making your User Interface inform your users about their errors or mistakes is one of the hardest tasks.

When creating the error reporting features, these points should be taken into consideration:

  • The user must understand what the problem is.
  • The user must understand what they have done wrong.
  • The reason for the error and its details must be clear to the user.
  • Error messages such as “Error 0x043502340” should not be displayed to the user at any point.
  • The user must not get frustrated by getting errors from your system.
  • Highly emphasized error messages, with high-contrast, shining, blinking, red typefaces, should be avoided.

Experts recommend that similarity with the real world is taken into consideration when designing the error reporting interface.

For example: imagine that you have a paper form where someone has forgotten to fill in some required information. What you would do is go to them and kindly ask “Hey, can you have a look at this…”. Most user interfaces out there display highly emphasized error messages with a lot of blinking red text and exclamation marks. This always causes frustration in the user, because it makes them feel as if they have done something very bad which cannot be fixed.

In this prototype: these points have not been implemented, because the prototype does not return any errors. Once, the

Heuristics: 7. Recognition rather than recall
http://www.alex.bg/2010/02/heuristics-7-recognition-rather-than-recall/ (Tue, 09 Feb 2010 01:52:05 +0000)

The user should not have to remember a lot in order to complete their job. The system should provide all the information which the user needs in order to complete their task.

For example: giving the user a five-digit ID number which he must remember in order to complete the transaction at the end.

This has been taken into consideration when designing the kiosk interface, and all the information that the user needs is shown when they need it.

Heuristics: 8. Flexibility and efficiency of use
http://www.alex.bg/2010/02/heuristics-8-flexibility-and-efficiency-of-use/ (Tue, 09 Feb 2010 00:02:00 +0000)

The system should be easy for the user to learn, so that when they come back later they can do their job faster. This means that all the other heuristics must be taken into consideration and that the system UI must not have any major changes unless they are extremely necessary.

If changes are needed, they must be done in a way that keeps the UI as close as possible to the old one which the users have already learned.

Techniques for promoting other, less used parts of the system by replacing the most used ones with them should be avoided. An example is Facebook, which recently implemented a new User Interface that intends to make its users use the chat function more, by taking away some of the most used modules and replacing them with chat options. This is currently causing problems for a lot of Facebook users, and most of them are not happy with the change.

In the kiosk prototype, due to the consistent UI design, it is easy to learn, and this layout will be kept in future versions of the design.

Heuristics: 9. Aesthetic and minimalist design
http://www.alex.bg/2010/02/heuristics-9-aesthetic-and-minimalist-design/ (Mon, 08 Feb 2010 23:06:55 +0000)

Elements and information which are not needed on the current screen of a UI should be avoided. They could only confuse the user.

This has been taken into consideration for the cinema kiosk design, where we have an aesthetic and minimalist, user-centered design.
