I tried to fill in the registration form with my login and password. After five attempts, each refused with the message "password too short or too long", my frustration hit its limit.
First, I would like to know whether you claim my password is too short or too long.
Second, what's the point in limiting password length if its hash has a fixed size, independent of the password length? Or maybe you don't hash the passwords? Ekhm...
Advice: Do not put unreasonable constraints on user passwords. Simplifying passwords reduces safety and, hence, your credibility.
Observed at: www.rockserwis.pl
Saturday, August 20, 2011
Do not send passwords via e-mail
Sometimes after a successful registration I receive an unencrypted e-mail that contains my login and my password in plain text. What's the point in securing the registration form if, a moment later, the credentials are exposed so badly, potentially giving access to the account?
What's more, if someone unluckily broke into my e-mail account, he would get an extra gift: passwords to my other accounts.
As a result, my level of trust drops significantly. How do I know that they don't store my password in plain text? Hashing of passwords is such a basic thing...
Advice: Do not send passwords via (unencrypted) e-mail. An account activation link is enough.
Observed at: www.mojwzrok.pl and many other places...
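The two complaints above (password length limits and e-mailing passwords) share one root: how the registration flow handles the secret. The following is an added example, not code from the blog or from any of the sites mentioned, showing a registration routine that stores only a salted PBKDF2 hash (a fixed 32-byte digest whatever the password length), never puts the password in the activation e-mail, and activates the account with a random token of which only a hash is stored. The in-memory dictionaries, the iteration count, the 8-character minimum, the generous 1 KiB upper bound (only to keep a slow key-derivation from being fed megabytes of input) and the host name shop.example are all assumptions for the sake of the example.

```python
import hashlib
import hmac
import os
import secrets
from typing import Optional, Tuple

# Constructed in-memory stores standing in for a user database (assumption).
USERS = {}
PENDING_ACTIVATIONS = {}

PBKDF2_ITERATIONS = 600_000   # assumed work factor; tune to your hardware
MIN_PASSWORD_CHARS = 8        # a lower bound is reasonable
MAX_PASSWORD_BYTES = 1024     # generous cap: only to bound KDF CPU time, not to "simplify" passwords


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). The digest is always 32 bytes, however long the password is."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


def register(login: str, password: str) -> str:
    """Store a salted hash and return the activation URL to e-mail. The password itself is never mailed."""
    if len(password) < MIN_PASSWORD_CHARS:
        raise ValueError("password too short")
    if len(password.encode("utf-8")) > MAX_PASSWORD_BYTES:
        raise ValueError("password too long")
    salt, digest = hash_password(password)
    USERS[login] = {"salt": salt, "digest": digest, "active": False}
    token = secrets.token_urlsafe(32)
    # Store only a hash of the token so a leaked table does not leak live activation links.
    PENDING_ACTIVATIONS[hashlib.sha256(token.encode()).hexdigest()] = login
    return f"https://shop.example/activate?token={token}"  # example host (assumption)


def activate(token: str) -> bool:
    """Consume the one-time token from the e-mailed link; returns False if unknown or already used."""
    login = PENDING_ACTIVATIONS.pop(hashlib.sha256(token.encode()).hexdigest(), None)
    if login is None:
        return False
    USERS[login]["active"] = True
    return True


if __name__ == "__main__":
    link = register("alice", "correct horse battery staple")
    print("e-mail body contains only the link:", link)
    print("stored digest length:", len(USERS["alice"]["digest"]), "bytes")
    print("activated:", activate(link.split("token=")[1]))
```

The point of the fixed-size digest is exactly the author's: whether the user types 12 or 200 characters, the row in the database is the same size, so a tight length limit tells you nothing good about what the site does with the password. The only thing the e-mail carries is a single-use link, so a compromised mailbox does not hand over the account's password, nor those reused elsewhere.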
Encrypt customer's personal data
I entered an online bookstore. The registration form asked me for my name, postal address, e-mail, phone number and, of course, my login and password.
However, it was not encrypted with HTTPS. I gave up right away.
That's a perfect example of how to lose customers.
Advice: Always encrypt customers' personal data. HTTPS is your friend.
Observed at: www.dobreksiazki.pl
Friday, August 19, 2011
Welcome
I started this blog because I continuously encounter amazing examples of ignorance and a foolish attitude towards customers. Those anti-patterns appear everywhere, both on the web and in traditional stores.
I decided to write my observations in one place to prevent designers and sellers from making such mistakes.
I hope one day it will spare someone the frustration and resignation of a customer.