This caused a lot of controversy as it places the usability of the users interaction before security considerations and challenges an established convention.  However, as he points out, many people are accessing sites in situations where they are not over looked and making it more difficult to enter passwords may causes users to choose simpleless secure passwords. This is particularly true with mobile devices where users often enter shorter passwords to make it easier as they have a numeric keypad.  He also argues that obscuring the password does little to protect the password anyway since if someone wants to work out your password they could always look at the keyboard.  However, if the password is on screen it is certainly easier to see from a distance if for example you are working in a open plan office.

His objection may be correct, many people will be entering a password in a situation where they are not overlooked and making it difficult for these users just because some people are does not necessarily make sense.  However, failing to mask password characters may have wider implications.  As the site does not mask the password it may create the perception that the user does not need to safe guard this information resulting in more careless behaviour.

Jakob is aware displaying the password may not be ideal in all situations and suggests that a control could be provided allowing users to select to hide their password.  This approach is currently used within windows network settings and some WiFi software.  In a recent article on list apart Lyle Mullican explores this approach in more detail.  However, theapproach places the responsibility for managing whether the password is displayed with the user and adds complexity.  It is also a modal control (the user selects either to display asterisks or actual characters) which can cause usability issues.  For instance, the user may start typing the password without realizing it is being displayed revealing it to those around them.

IE 8 password entry dialogue allows the user to select whether the password is shown.

Chris Coyier in his article Better Password Inputs, iPhone Style suggests doing something similar to what is done on the ipod touch/ iphone interface where only the last letter is displayed on screen. This is fine for a mobile device where the user can take steps to ensure no one is looking at the screen while they input the details but may be an issue when displayed on a monitor.  Users may also fail to notice mistakes when they press another key immediately after they mistyped.

An alternative approach which addresses many of the issues is to hide the password by default but provide a button that when held down reveals the password.  Although the user doesn’t receive immediate feedback they have the option to check their password before submitting and the user could hold the button down while typing if required.  This approach highlights the importance of keeping the password secret and only shows it when the user expressly indicates it is safe to do so.  It also removes the chance of users accidentally revealing their password.  This is not necessarily an ideal solution in every case and there will be instances where it is best to display the password in full by default.  However, assuming thew user is entering a password in a private office or passing all responsibility for safe guarding secrecy to the user are not ideal whatever the usability issues.

The reason for these images becoming more and more difficult to decipher is that the programs used to place spam become more sophisticated in order to overcome the obstacles placed in there way.  Gmail, yahoo and hotmail have all had their CAPTCHA images broken by spammers and although it is fairly easy to present a image in a different way it does mean they have to be fairly obscure.

Gmail, yahoo and hotmail’s CAPTCHA broken by spammers

This method is fairly widely used on the internet but places the emphasis on the user to prove they are not a computer program.  There are alternatives to this approach for instance akismet looks at content submitted to a web site and assesses it against various criteria to determine whether it is likely to be spam.  Flagged content can then be reviewed by the administrator.  Similarly anti-spam programs can be used to filter out spam sent from contact forms rather than making it more difficult for customers to contact you.

Honey pots are another method that can be used on forms to help prevent submissions from malicious programs.  This involves placing extra fields within a form that will be invisible to your users.  As the programs do not view pages in the same way as users they tend to complete these fields meaning you can reject these submissions. Ned Batchelder’s article Stopping spambots with hashes and honeypots covers the use of honey pots to prevent spam in more detail.  It also indicates how to make things even more difficult for automated spam programs by randomising field names and using the submitters IP address to prevent automatic submissions from groups of machines.

These methods can do a lot to help minimise misuse of your site by malicious programs.  However, to some extent it will depend on the value of your site to spammers.  Gmail, yahoo and hotmail have seen their CAPTCHA images broken as it is worth the effort in order to get large numbers of programs automatically registering email accounts and sending spam.  Honey pots on there own will be easier to overcome if there is good reason to do so, although Ned Batchelder’s full method is likely to be more difficult.  You can reduce the value of overcoming your defences by doing things such as using no follow links in comments on your site so they will not improve search engine rating.

The main thing is not to use CAPTCHA indiscriminately on forms.  There may be some situations where it is useful particularly if the returns for beating your defences are significant.  However, in the majority of cases you are creating a barrier for the people using your site.

The researchers have suggested that this difference may be a result of differences in the way men and women use the web, with men using it for information gathering and women using it for social relationships. However, it is unclear whether this expressed preference will actually have a bearing on behaviour. Just because women say it is less important does not mean they are necessarily more likely to remain on a site with large delays. Neither does it indicate what men and women consider a slow download speed.

Usability Study: Men Need Speed

The use of abbreviations, acronyms and technical language often serves to confuse users as it requires specialist knowledge. In a recent study the gadget helpline surveyed more than 5000 people to discover the least understood technical terms. The top ten most confusing include dongle, cookie and WAP. Interesting digital TV also appears in the list given the amount spent promoting the digital switch over. May be the range of television services, such as freesat, on demand TV, sky and sky plus, make it unclear which are included in digital TV. The study also highlights how brand names for technology can further confuse things creating multiple terms for the same technology.
Gadget jargon still confuses many

Measuring apects of real world behaviour often reveals correlations between different variables.  Correlations indicate the strength and direction of the relationship.  For instance, there may be a correlation between the length of the page and time spent on a site. However, it is important to remember when looking at correlations that they do not prove one variable is responsible for another.  One may cause the other, the other way round or they may both be affected by a third factor.  In the case of page length and time on site, users may be spending longer on the site as there is more to read or because it is harder to find what they are looking for.  It may also be that sites with longer pages have something else in common that mean users spend more time, such as more related content to which users can be directed.

Well for one day,  according to TG Daily reporting satistics provided by Net Applications Safari is listed with a 10.91% share of the browser market on 28 February 2009.  This seems to be due to rapid uptake of the new beta version of Safari which is estimated to have been downloaded 11 million times over four days.

It is important to be careful when reviewing this type of browser statistics as there is generally some sampling bias as figures are collected from sites using their products.  However, it does highlight the importance of Safari.

Net Applications figures for the month put Safari’s market share at 7% overall which is a significant number of people even discounting the latest boost from the beta.  However, it should be noted that their figures place the market share of the mac operating system at nearly 10%.  This suggests that mac users may be more likely than microsoft users to switch from the browser packaged with the operating system to firefox or another browser.

Analysis: Safari 4 lifts Apple above 10% browser market share

Browser Market Share

I recently received a letter I originally dismissed as spam.  The first line read ‘We’re currently checking all our customers’ details to make sure our records are kept up to date.’. The thing that made me question whether this was the usual run of the mill phishing letter attempting to steal my passwords and my life was that I didn’t receive it in my inbox but through my door. Now I’m not saying you can’t get phishing attempts through the post, I once received a hand written letter from the wife of an ex-president of nigeria offering to share millions.  However, generally people running these cons don’t want to have to pay postage.

The other thing that made me think that the letter may be genuine was the lack of dodgy web address designed to coax me in to supplying personal details and secret codes.  It turns out the letter was from Ocardo trying to encourage me to change my setting on there site to receive updates.  In fact, if I was willing to sign up of updates on the service they were willing to give me a £5 shopping vouchure.  However, in order to drive me to the site they had decided to present the letter as encouraging their customers to update there details.  This not only feels like a dishonest way to communicate with your customers it lends credibility to phishing emails.

Some sampling bias is likely with any user research since they will only include people willing to take part in research (self selection). Incentives can be used to encourage participation, however it is important to select the correct incentive since it will make it more likely that you recruit those that find the incentive of value. A degree of sampling bias is not necessarily a problem as long steps are taken to ensure the sample is representative of the target audience and the sampling method is considered at the time of analysis.

Before implementing the findings of research it is important to evaluate them against the needs of the wider target audience and the business, whether changes will impact other parts of the site and whether the respondents are your key audience. No research should be taken at face value blindly implementing users opinions. User research is an important tool informing us of our audiences needs, opinions and behaviour but we need to look at it critically and in the context in which it was conducted.

Pownce the micro blogging community site that allows you to send messages, links and files to your friends will shut down on 15 December 2008.  The site, created by among others Kevin Rose the man that brought you digg, has been bought by six apart the company behind blogging software such as moveable type and typepad.

The decision to simply close the site rather than attempt to integrate the pownce community into their own site seems a little odd since community sites rely on their ability to retain and build users. Tools have been provided allowing the users to move their content to Vox, six aparts blogging community, however, I imagine many users will feel rejected by six apart and move to another platform. One can only imagine that unnamed factors made the cost of maintaining both communities or integrating them prohibitive.

A recent article on the Specyboy blog provides a summary of some of the most useful firefox plugins for web designers.  These include the excellent web developer extension which I have used for several years.  A lot of the other plugins perform tasks already covered by the web developer plugin, however there is the odd interesting one.  These include abduction a screen capture tool and  extended status bar which provides information on load speed.  The full list can be seen here, 27 Indispensable Web Design and Development Firefox Extensions.