1 MOFO. May 2, 2016 at 12:16 pm

I expected #2 to be tons of wrong information about password strength and all that. Luckily it was actually a pretty good article about the usability of the forms, not the passwords themselves.

2 anon May 2, 2016 at 12:31 pm

It was good. We have important passwords we really remember, and then casual ones we just recover when we need them. On casual sites, one entry and recovery is fine. Especially with “show.”

Important sites should confirm, and use two factor authentication.

3 brad May 2, 2016 at 2:46 pm

I don’t see any reason to have confirm. If they mistyped it they can use the recovery mechanism. And show should be default with hide the option. Most people aren’t creating passwords in public places.

4 dan1111 May 3, 2016 at 7:43 am

“I don’t see any reason to have confirm. If they mistyped it they can use the recovery mechanism.”

The problem with most good ideas is users. In this design, it is likely that many of them will not realize they mistyped their password and instead think your site is broken. They will then either abandon your site or generate a lot of support requests that waste your time.

Eliminating the confirmation is an interesting idea, and one worth testing, but I suspect the greater ease (and higher conversion rate) at the front will be offset by worse results later.

5 Hazel May 5, 2016 at 7:01 am


Thanks Tyler for sharing our case study (I work at Formisimo) regarding ditching the ‘Confirm password’ field.

Just wanted to pop in and say that we didn’t see any change in the number of password reset requests. That’s not definitive proof that they didn’t forget but it gives some indication that a confirmation field doesn’t help people remember their password any better.

I will say that our results shouldn’t be taken as gospel. We don’t recommend applying this without testing on your own site and with your own audience. However, we do share these things so that other people will consider testing them. As 1 person alluded to here, much of designing a great user experience is designing for user perception. There is minimal technical reason to ask users to confirm their password but, depending on your audience, there might be a psychological one.

Happy to answer any other questions on this.

6 Dan Lavatan May 2, 2016 at 9:22 pm

I always just copy/paste from the first field to the second. I am stunned anyone would even attempt to do that by hand. The really sophisticated probably have a browser extension to duplicate the fields. If they try and disallow copy/paste then I would abandon the site and the browser for one that disables the disallowance.

Anyway, your passwords should just be all non-printable Unicode now that HTML5 allows all the characters.

7 brad May 2, 2016 at 10:54 pm

HTML allows it, but that doesn’t mean the rest of the site’s toolchain does.

8 dan1111 May 3, 2016 at 7:45 am

A good rule of thumb for successful use of software (including websites) is “don’t try anything that the developers probably didn’t test.”

9 So Much For Subtlety May 2, 2016 at 12:38 pm

I have no idea why anyone would think that robot waiters in a low-wage country like China was a good idea. Especially why low-rent robots were sensible.

10 jim jones May 2, 2016 at 2:40 pm

So much for self-driving cars, AI can’t even operate in a controlled environment

11 So Much For Subtlety May 2, 2016 at 6:29 pm

Well in China the robots cost $7000. I would hope that self-driving cars were more sophisticated. The problem may start with low-balling your robots in a low-wage economy.

12 Troll me May 3, 2016 at 12:39 am

Wages in Shanghai aren’t low by global standards.

13 prior_test2 May 2, 2016 at 1:41 pm

2. Small steps towards dystopia – ever notice how never worries about ‘conversions?’

14 MOFO. May 2, 2016 at 1:58 pm


15 dan1111 May 3, 2016 at 7:39 am

I think p_t’s angry that businesses try to make money?

16 delurking May 2, 2016 at 1:50 pm

3. Armpit sniffing as the new frontier in assortative dating and mating. There is no great stagnation.

There. Fixed that for ya.

17 Ray Lopez May 2, 2016 at 3:19 pm

@#4 – there’s an armpit reference in this St. Looie chess city article too: “hands hidden in armpits”…

…and this seems suspicious as Satoshi: “These days, he (chess mega-patron Rex Sinquefield) plays some twenty online games at a given time, he says, describing himself as a “decent club player” with “a healthy addiction.”” But I recall he hung his queen and played like a patzer a few years ago in a “foursome” game where four players vs four players alternate making moves for each side. I thought seriously he was a Class D player, not a decent club player.

18 james May 2, 2016 at 4:19 pm

Cool story, bro.

19 JMCSF May 2, 2016 at 5:52 pm

#1. It’s not just gay dance clubs. The New York branch of Pacha, a nightclub that hosts top DJs closed at the end of 2015. The Economist reported on this trend a few months back.

Rents are rising and millennials have less disposable income. Plus, why go through the whole rigmarole of going out when you can just swipe right?

20 Art Deco May 2, 2016 at 6:55 pm

It’s Pinch Sulzberger’s Times. Gays are Special.

21 ed May 2, 2016 at 7:14 pm

You know wrath is a mortal sin, right? At your age you should start thinking about how you are going to account for yourself.

22 albatoss May 2, 2016 at 9:24 pm

Would snark be a venial sin?

23 Mr. Econotarian May 3, 2016 at 1:58 am

The “rave” craze really got going with the early 1990’s recession leading to huge warehouses empty and owners desperate to make a buck (even if it meant some legal risk) to let promoters fill them with hundreds of ecstasy taking ravers.

Perhaps large dance clubs are a counter-cyclical phenomenon…

24 dirk May 2, 2016 at 6:29 pm

Appalachian Lives Matter

25 Troll me May 3, 2016 at 12:44 am

Some more than others, it would seem.

26 JC May 2, 2016 at 10:49 pm

The fact that the article about chess and St. Louis doesn’t even mention that Susan Polgar teaches there borders on being a hanging offense. Wow.

27 Nathan W May 3, 2016 at 12:29 am

You can use random password generators.

Or if you don’t trust them, just mash up a bunch of keys, copy-paste, virus-proof your USB key(s) for backup, list in .txt file by site, and copy-paste back into p/w field as necessary (and just don’t look too close while you do it, for the “remote neural monitoring” case) if history is cleared or for double entry to confirm the “random” p/w.

28 ed May 3, 2016 at 8:19 am

Someone didn’t read the article. That would take too much time away from bloviating.

29 Nathan W May 3, 2016 at 4:14 pm

Sorry. I changed from the specific sub-topic of the article to the general topic. Such misdirection should be banned.

