
Tuesday, June 03, 2008



I might be wrong about why you're pissed off, but it seems like the error messages might be intentionally vague so as to reduce the ability for attackers to guess usernames.

Social Marketing Journal

Very expressive post eh? Either way, you have a point. We feel your pain!


What's my login to this damn blog again??

Cyndy Aleo-Carreira

And this is exactly why I've been using Passpack for a year. If they had a mobile version, I'd totally marry them.


What about Sxipper?


Ditto sprfrkr, who does it well?

What are some answers? Here's a start:
+ NOT OpenID
+ no non-standard usernames
+ tell user if the username is an email or not
+ no non-standard password rules (I would be satisfied with 6+ alpha-numerics for just about everything) (6+ alphas ok for weak?) (8+ alpha-numerics ok for strong?) (no capitals, no special chars)

John Cowan

I use the same password for all sites that don't involve being able to get to my money. Why not?

Nick Gonzalez

So many developers forget to design applications for when things go wrong.


You probably already know this...BUT...AT&T has taken over Starbucks WiFi, which means if you were able to access with, say, T-Mobile, that account will no longer be available.
If you have AT&T (or email or a $59.99 wireless data plan or higher), use your login for that and you should be good to go.


So which website does it right? Send an example and I'll do it on our site at least...


Too bad they don't support OpenID sign-ins, then you could have signed in using an existing account that you already have, without having to remember yet another username and password.

Brad Feld

As someone who has changed password algorithms so many times, I just stand up and cheer for you. Go Dave.

Stacy O'Connell

Hilarious. And well put.

Dan Thornton

Totally agree. Especially after spending hours trying to get back into Yahoo for the first time in about 2 years, simply because they merged the login with mybloglog.

Chris Messina

Eloquently put.

I essentially agree with you, which is why we need to work on solutions that obsolete password entry altogether. They're a holdover from days past. And when we talk about OpenID, nowhere does OpenID specify how you do authentication, it only specifies the protocol for making a claim.

Therefore, it may be part of the solution, it may not be. At least companies (like my new employer) are experimenting with different, possibly more benign, means of authenticating.

I agree though, the Starbucks experience is retarded.

Jen Carole

Man, I can only give you my condolences. I talk to teens almost every day about tech and they would agree (and have even fewer brain cells to dedicate to the process).

They don't get why they have to enter the same info across all devices. They just want to sign in once regardless of what device they are using.

Yet, if we allowed it, I am sure they would sum up the problem as you did. Quite eloquent. Sometimes that word does just say it all.

The comments to this entry are closed.