In the beginning passwords could be anything from just a single letter to 20 chars. Then password polices got a little stricter and most of the websites made a requirement for at least 4 characters, then the limit was lifted to 6 characters. Now in the last few years some websites have lifted the limit to 8 characters and others have also added additional security requirements such as having both upper and lower case characters and numbers in the password.

That’s all good and it is going in the right direction, however, users are not happy with that at all. A lot of users are so frustrated, when they try to register on a website and they are asked to change their password and add numbers to it, that they just don’t bother doing it. That way, the website owner looses visitors/customers and as a result looses money and website reputation.

Back in the day passwords could be just anything because there were not so many and even if accounts were hacked it wasn’t that critical – there wasn’t that many e-commerce websites and other things involving money. The only thing that people were using which could be hacked were emails but, usually there was just spam in them which wasn’t valuable.

Nowadays, passwords can’t be just words. The web is world wide. This includes all those dodgy places such (as Nigera) which means that all these bad people from across the world (some of you may call them “hackers” but “crackers” would be more suitable in my opinion) could make an attempt to login as you and access your money or other valuable information. The attempt is more likely to be successful if your password was just a word. If your password was matching the new polices (having both lower/uppercase/number/etc) it is less likely that the Nigerians would get access to your money.

The modern crackers are not sitting down and trying each word that comes on their mind manually. It’s easier for them if they write a program, which tries thousands of different words automatically until it gets the right one. Having these thousands of crackers, trying thousands of words it is most likely that you will get hacked if you used something like “health” as your password.

To give you an idea of what the strength of the passwords nowadays, we will use analyzes from the recently hacked sony accounts:

An analysis by security researcher Troy Hunt revealed that two-thirds of users with accounts at both Sony and Gawker used the same password on both sites... Half the password sample from the Sony hack used only one character type and only one in a hundred passwords used a non-alphanumeric character, much the same as revealed by the earlier Gawker hack. Only 4 per cent of these passwords had three or more character types.

read the complete analyzes here

So this means that the crackers are currently way ahead in front of users. If one of those users with a weak password becomes the target of an experienced cracker, it is just a matter of time for the cracker to get illegal access.

If something like that happens, legally it is entirely the user’s fault for using that weak password and the website cant be held liable for any damages. The users don’t know that, they think that if something happens it’s the website’s fault not theirs. They want their data, money, etc to be secure but they also want to use “1234” as password at the same time. That is what the problem is.
Possible solutions to this problem are universal cross-webstie online identities such as openID. However, they are still not bullet proof.

Another problem is that even the complex passwords will not be that secure in the near future with the crackers improving and using faster and faster software (some of which is run on graphics cards) with more and more words in their databases.

In my opinion the whole username/password login model must change in the future because it will soon be useless. I dont know what we should use instead. We cant relay on low level limits (such as limiting a user to an ip) because we live in the mobile days, where the mobile phones change their ip address on every cell they register.

I cant think of a better identification mechanism. Can you?

Main points of usability are:

• Ease of learning
• Efficiency of use
• Memorability
• Error frequency and severity
• Subjective satisfaction

In this category, I will be writing about usability, relayed to my cinema kiosk interface prototype:

All these has been taken into consideration, when designing the Atro kiosk interface and the user has been given clear instructions if they have to click or something or if they have to wait for this system to do something.

The main purpose of the kiosk is to replace the sales person.

At the moment, this is only partly implemented, while the user is viewing the movies on show.

This has not been completely implemented into the prototype, but will be in the final product.

When creating the error reporting features, these should be taken into consideration:

The user must understand what the problem is.

The user must understand what have they done wrong.

The reason for the error and its details must be clear for the user.

Error messages, such as “Error 0x043502340” should not be displayed at any point to the user.

The user must not get fustrated by getting errors from your system.

Highghly emphasized error messages, with high contrasted, shining, blinking, red typefaces should be avoited.

Experts recommend that similarity with the real world is taken into consideration when designing the error reporting interface.

For example: Imagine that you have a paper form, where someone has forgotten to fill in a required information: What you will do is go to them and kindly ask “Hey, can you have a look at this…”. Most of user interfaces out there display highly emphasized error messages with a lot of blinking red text which has explanation marks. This always causes fustration in the user because it makes them feel as if they have done something very bad which can not be fixed.

In this prototype: These points have not been implemented, because the prototype does not return any errors. Once, the

For example: Giving the user a five digit ID number, which he must remember to complete the transaction in the end.

This has been taken into consideration when designing the kiosk interface and all the information that the user need is shown then they need it.

If changes are needed, they must be done in a way, that should keep the UI as close to the old one, which the users have already learned, as possible.

Techniques for promoting other less used parts of the system, by replacing them with the most used ones should be avoided. An example is Facebook, which recently implemented a new User Interface, which intents to make their users use the chat function more, by taking away some of the most used modules and replacing them with chat options. This is currently causing problems to a lot of Facebook users and most of them are not happy with the change.

In the kiosk prototype, due to the consistent UI design, it is easy to learn and all these layout will be kept in the future of the design.

This has been taken into consideration for the cinema kiosk design, where we have an aestetic and minimalist, user-centered design.