Pages

Thursday, February 2, 2012

Login password for websites

Internet websites require the user to register an ID and password to access an user account. To enhance security, they may require a strong password to be used, e.g. to exceed a certain length and to contain a mixture of numbers, small letters and capital letters. Some websites require the password to be changed at certain intervals and disallow the use of passwords that were used previously.

The designers of these security measures forget that most users have to handle several dozen passwords at various websites. If the passwords are changed and different passwords are used, it is difficult for the user to keep track of the passwords. They have to record the passwords somewhere, which actually increases the chance of these passwords being stolen and misused!

Here are some practical measures used by some websites:

  • They remind the user to change the password, but give the option to skip the change or for old password to be used again
  • They do not require the user to change the password, but require a second password for certain sensitive transactions.
The website designer should also consider if the website really needs to have enhanced security measures. If the information is not sensitive, there is no need to introduce complicated password structures. It is best to allow the user to decide on using a simple or strong password, rather than for the website designer to insist on a strong password.

 

0 comments:

Post a Comment