{"id":664,"date":"2011-12-26T09:17:44","date_gmt":"2011-12-26T17:17:44","guid":{"rendered":"http:\/\/www.nadynerichmond.com\/blog\/?p=664"},"modified":"2011-12-22T09:46:58","modified_gmt":"2011-12-22T17:46:58","slug":"the-password-conundrum","status":"publish","type":"post","link":"https:\/\/www.nadynerichmond.com\/blog\/2011\/12\/26\/the-password-conundrum\/","title":{"rendered":"the password conundrum"},"content":{"rendered":"<p>I recently switched my home Internet service from Covad DSL to Comcast Teleworker<sup class='footnote'><a href='#fn-664-1' id='fnref-664-1' onclick='return fdfootnote_show(664)'>1<\/a><\/sup>. \u00a0Almost everything has gone swimmingly so far: signing up online was painless, the tech came out within the assigned window and he was very nice and professional, and my new service is So Much Faster.<\/p>\n<p>After the tech had everything hooked up, I went online to create my account so that I could view my bill and have yet another email address. \u00a0They wanted me to create a password of 8-16 characters in length, and that includes 1 upper-case letter, 1 lower-case letter, and one number or special-character. \u00a0This is fine by me, since all of my passwords meet these requirements<sup class='footnote'><a href='#fn-664-2' id='fnref-664-2' onclick='return fdfootnote_show(664)'>2<\/a><\/sup>. \u00a0So I fired up <a title=\"1Password password manager\" href=\"https:\/\/agilebits.com\/products\/1password\">1Password<\/a>, set it to generate a password that meets these requirements, and put it into the form. \u00a0After doing so, I saw this:<a href=\"http:\/\/www.nadynerichmond.com\/blog\/wp-content\/uploads\/2011\/12\/goodpassword.gif\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-665\" title=\"goodpassword\" src=\"http:\/\/www.nadynerichmond.com\/blog\/wp-content\/uploads\/2011\/12\/goodpassword.gif\" alt=\"Comcast said that my password was a good password\" width=\"609\" height=\"74\" srcset=\"https:\/\/www.nadynerichmond.com\/blog\/wp-content\/uploads\/2011\/12\/goodpassword.gif 609w, https:\/\/www.nadynerichmond.com\/blog\/wp-content\/uploads\/2011\/12\/goodpassword-300x36.gif 300w\" sizes=\"auto, (max-width: 609px) 100vw, 609px\" \/><\/a><\/p>\n<p>I filled out the rest of the page, and I got the following error message:<\/p>\n<blockquote><p>The password you entered doesn&#8217;t meet the minimum criteria for a safe password. Use between 8 and 16 characters with at least 1 lower-case letter, 1 upper-case letter, and 1 number or special character (no spaces, case sensitive).<\/p><\/blockquote>\n<p>So I checked my generated password. \u00a0In fact, I&#8217;ll share it with you, since I couldn&#8217;t use it:\u00a0r9H4ybnAyf+Acw. \u00a0It&#8217;s the right length (14 characters), it&#8217;s of mixed case, it&#8217;s got a number, and it&#8217;s got a special character too. \u00a0As a geek, I know that the + in there could cause a problem, so I generated another password. \u00a0This one had a } in it, which also caused a problem. \u00a0I went through three more automatically-generated passwords until I finally got one that was acceptable.<\/p>\n<p>There are two user experience issues here:<\/p>\n<ol>\n<li>They have a limited subset of special characters, but they don&#8217;t tell you what that subset is.<\/li>\n<li>When you enter your password, the form is validating whether the password is a good one. \u00a0However, their validation isn&#8217;t correct, since the page says that a password is good, but then the system kicks back an error on submission. \u00a0Don&#8217;t tell me that my password is good when you won&#8217;t accept it!<\/li>\n<\/ol>\n<p>Strangely, the former point is actually addressed when creating additional accounts. \u00a0The page for creating a secondary account is different than the one used for the primary account, and the password field there includes this descriptive text:<\/p>\n<blockquote><p>8-16 characters. At least one upper case letter, at least one lower case letter, and at least one number or special character (! @ # $ % ^ &amp; *) are required. No spaces. Case-sensitive.<\/p><\/blockquote>\n<p>This would have saved me a few erroneous form submissions if they had told me this when I was creating my account! \u00a0The basic information is still the same, but they specify which special characters are acceptable.<\/p>\n<p>Many companies forget about the first user experience. \u00a0I make fun of unboxing videos, but getting your new item out of the packaging is part of the user experience. \u00a0Your first few minutes are where your first impression gets created, and that first impression is an important one. \u00a0It sets your expectations. \u00a0By not paying attention to the details of your first user experience, you can inadvertently set expectations that you don&#8217;t want set. \u00a0On one hand, I&#8217;m happy that Comcast is enforcing passwords that are more secure than usual. \u00a0On the other hand, I&#8217;m not happy that they don&#8217;t give me all of the information that I need. \u00a0It means that I don&#8217;t entirely trust them now.<\/p>\n<div class='footnotes' id='footnotes-664'>\n<div class='footnotedivider'><\/div>\n<ol>\n<li id='fn-664-1'> Yes, I&#8217;m well aware of the issues that some folks have experienced with Comcast. <span class='footnotereverse'><a href='#fnref-664-1'>&#8617;<\/a><\/span><\/li>\n<li id='fn-664-2'> Well, to be completely accurate, this isn&#8217;t true. \u00a0I have several passwords that are longer than 16 characters. <span class='footnotereverse'><a href='#fnref-664-2'>&#8617;<\/a><\/span><\/li>\n<\/ol>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>I recently switched my home Internet service from Covad DSL to Comcast Teleworker1. \u00a0Almost everything has gone swimmingly so far: signing up online was painless, the tech came out within the assigned window and he was very nice and professional, and my new service is So Much Faster. After the tech had everything hooked up, &hellip; <a href=\"https:\/\/www.nadynerichmond.com\/blog\/2011\/12\/26\/the-password-conundrum\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">the password conundrum<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,18],"tags":[],"class_list":["post-664","post","type-post","status-publish","format-standard","hentry","category-nadyne","category-ux"],"_links":{"self":[{"href":"https:\/\/www.nadynerichmond.com\/blog\/wp-json\/wp\/v2\/posts\/664","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.nadynerichmond.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.nadynerichmond.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.nadynerichmond.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.nadynerichmond.com\/blog\/wp-json\/wp\/v2\/comments?post=664"}],"version-history":[{"count":1,"href":"https:\/\/www.nadynerichmond.com\/blog\/wp-json\/wp\/v2\/posts\/664\/revisions"}],"predecessor-version":[{"id":667,"href":"https:\/\/www.nadynerichmond.com\/blog\/wp-json\/wp\/v2\/posts\/664\/revisions\/667"}],"wp:attachment":[{"href":"https:\/\/www.nadynerichmond.com\/blog\/wp-json\/wp\/v2\/media?parent=664"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.nadynerichmond.com\/blog\/wp-json\/wp\/v2\/categories?post=664"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.nadynerichmond.com\/blog\/wp-json\/wp\/v2\/tags?post=664"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}