I recently had a client ask me to build them a password strength meter for an account signup form. Thinking that this was a good idea, I set out to do some research to see what has been done on this topic and start coding. I quickly stopped when I realized what a pointless exercise this was going be.
Who Determines What Makes a Good Password?
Google, and countless other web sites, expound on how having strong passwords are a good way to prevent someone from hacking anything that you protect with a password. The problem is, who determines what constitutes a strong password? For example, according to Microsoft, “A strong password should appear to be a random string of characters to an attacker. It should be 14 characters or longer, (eight characters or longer at a minimum). It should include a combination of uppercase and lowercase letters, numbers, and symbols.” While Google says that good passwords should, “include punctuation marks and/or numbers, mix capital and lowercase letters, include similar looking substitutions, such as the number zero for the letter ‘O’ or ‘$’ for the letter ‘S’, create a unique acronym, and include phonetic replacements, such as ‘Luv 2 Laf’ for ‘Love to Laugh’.” (note that Google also says “Don’t use a password that is listed as an example of how to pick a good password”).
What authority or group says that any password is good enough? There are none! There is no group that is accepted to approve a standard strong password in the same way that say the W3C approves web standards. The general school of thought on secure passwords is to make them so nonsensical that they can’t be guessed or hacked using things like dictionary attacks and rainbow tables. There are no official certifications or rules that determine that a password is strong because no one can guarantee that any password is safe. No matter how many characters you use, whether you use upper and lower case, and special characters, a password is just a string of text that can be recreated by a machine or human. Continue reading Web Form Password Strength Meters Are Useless
I started using Digg in 2005 and with each passing month I use it less and less. I hardly digg any stories anymore, and I usually visit once a twice a week to see what’s been driven up the popularity ladder. I’ve pretty much stopped submitting stories since they don’t seem to get any attention but in the process I discovered a weakness in the digg process that they should fix.
I call it digg ‘n ditch. It works like this. You find a story you want to submit and begin the process of adding it to digg. As soon as you submit the story (video, image, etc.) digg comes back and says sorry, someone beat you to the punch, and shows you that some smartass submitted the same link 20 minutes earlier. Then it sits there. On your monitor. Mocking you. Should I digg it you think? I was going to submit anyway so why not digg it? Oh screw it, it wasn’t that good anyway. And then you give up and browse the rest of the site or go back to filling out your TPS report.
And therein lies the flaw. A story you were going to submit and simultaneously digg, goes undugg. When digg’s system brings up their ‘oh hey sorry bud, better luck next time’ page, it should also automatically add your digg to it. You were ready to add your support to the exact same link anyway, so why not? You can always go through the exercise of undigging it if you’re really in a shitty mood and feeling petty, but you’re as lazy as I am and we know you’ll just leave it. The way it should be. Dugg.
Internet Explorer 6 is the bane of a web developer’s existence. Released in 2001 (decades ago in internet time) it still composes somewhere between 20% and 30% of the browser market. While there are several other, more capable browsers out there for users to choose from, including Microsoft’s own IE7, and its successor in beta IE8, people still use IE6 at an alarming rate. Over the years Microsoft released updates and patches for IE6, yet it is still stands as one of the worst browsers to have ever existed, so why are people still using it?
“I’m used to it, so why should I change?” is just one of a variety of reasons people give for continuing to beat this dead horse. Other popular reasons IE6 users give for not updating to IE7 are because they’re prohibited from changing their system (i.e. a work pc combined with corporate sloth or ignorance), they visit a web site that (supposedly) works best in IE6, or they just don’t know any better. As designers it’s our jobs to design beautiful, accessible web sites, not worry about why our margins look weird in IE6. For years we’ve devoted countless hours of work finagling our designs and code to accommodate this scourge of a browser.
What to Do?
As a designer it’s time to stop catering to sloth and ignorance and take a stand. For years we’ve bent over backwards to try and compensate for IE6’s massive shortcoming with hacks and tricks like conditional CSS comments and browser detection so that we can deliver IE6-specific workarounds. We’ve used GIFs and JPGs instead of PNGs or used hacks to get IE6 to render them properly. This needs to stop now. By continuing along this path, we’re simply enabling people to continue to use IE6 and give them no compelling reason to upgrade or switch browsers. IE6 is Swiss cheese in terms of security, doesn’t adhere to modern CSS standards, or support PNG images just to name some of its bigger problems. From now on, don’t waste time worrying whether or not to use PNG files – use them. Don’t bother checking browser versions and providing alternate, IE6-specific code. Design once.
But what about for testing purposes?
Nope, not even for testing purposes. What are you hoping to accomplish by testing a site in IE6? If you discover a problem, why bother fixing it? Pages need only adhere to W3C standards and pass the usual array of validators. If IE6 can’t render them properly, then that’s IE6’s problem.
The Good News
The good news is that the number of people using IE6 is steadily dwindling. Firefox, Chrome, Opera, IE7 & 8 are all better browsers and are gaining market share while IE6 loses it. While it’s just a matter of time before IE6 disappears, let’s help accelerate that demise by taking a stand and turning our backs on it. Stop Supporting IE6. Now.
OK, you borked it up for the longest time and released a new version of your comment system that was supposed to address all the harsh criticisms against the epic fail your had previously created. Well, while you made a handful of minor improvements, it still sucks.
Why? A) Check any DOM inspector and you’ll see that your comment system makes a BAJILLION individual AJAX calls to load each and every user icon. I mean c’mon, is it really that hard to display user comments? Bulletin boards and forums have been able to do this for years without nearly as much trouble as you’ve had. If slashdot can do it right all these years, maybe you can learn too.
Second, why on God’s green Earth did you decide to hide all the replies to any comment I Digg down? What logic did you apply in thinking that whenever I think comment X sucks, that you must then hide all the replies to comment X? In fact, many replies to comment X are often exactly what I thought in the first place and should be displayed! Perhaps its time you stopped thinking that Digg was the shit, and started realizing that ever since you expanded Digg’s reach to try and attract potential suitors to buy your site, that in reality you made it an ever increasing honeypot for spammers and advertisers to post completely worthless and intelligence insulting drivel that no one with half a brain reads. I used to Digg and submit stores all the time, now I visit weekly to see on the off chance if anything interesting has popped up. Sadly, this is becoming less and less frequent. Your core users are what made Digg great and you’ve decided to turned a deaf ear toward them. Maybe you’ll realize one day that they once made Digg the enjoyable site that it once was.
Short rant. When will the NFL wise up and move the Superbowl to Saturday afternoon? The Superbowl is now an event as big as any other and undoubtedly the biggest sporting event of the year. People like to drink and stuff their faces (is this news to anyone) so why not allow for some time to recover? Who wants to party hard on Sunday night when most of us have to go to work the next day. I for one, don’t like having to stagger into work bleary-eyed, or take a day off. Start the Superbowl no later than 4pm EST on Saturday afternoon and turn it into an even bigger party.