A project to make businesses more aware of their customer experience, and how to fix it. By Mark Hurst.
March 23, 2004 12:12 AM
Broken: Healthcare website login
Got this message when I entered in what I thought was my username and password. Great security requirement-- the password needs to be the same as the username!
As soon as I saw "healthcare website" next to that I thought: "HIPAA? Yeah we've heard of it!"
True, it's probably supposed to mean "your password doesn't seem to go with your username," but instead of putting the top message on, and then -another- one underneath with a little asterisk, why not just say:
"Login Incorrect
Please check your username and password [and try again]"
No need to make the end-user error message sound fancier than that.
And you don't want to have separate error messages for "Username invalid" as well as "password incorrect" - that would allow a would-be attacker to figure out what usernames were valid first, and then force passwords against known usernames.
Maybe it's supposed to say "Password must NOT be same as username." Are your username and password identical?
My guess is that the error message is broken -- the programmer probably meant to say that the password must match the username.
Posted by: Heng-Cheong at March 23, 2004 03:29 AM
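
The point raised in the comments above about separate "Username invalid" and "password incorrect" messages, as an added example that is not part of the original post or its comments: a login check that leaks which usernames exist, beside one that returns a single message and, going one step beyond the comment, does the same hashing work whether or not the username exists. The account store, function names and iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

# Wording follows the message suggested in the comments above.
GENERIC_ERROR = "Login incorrect. Please check your username and password."


def _hash(password, salt):
    # PBKDF2 from the standard library; the iteration count is a sample value.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


def make_user(password):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt)}


# Constructed sample account store (hypothetical user).
USERS = {"alice": make_user("correct horse battery")}

# Dummy record so an unknown username costs the same hashing work as a known one.
_DUMMY = make_user("dummy-password-never-valid")


def login_leaky(username, password):
    """The 'before': distinct messages reveal which usernames exist."""
    user = USERS.get(username)
    if user is None:
        return False, "Username invalid"
    if not hmac.compare_digest(_hash(password, user["salt"]), user["hash"]):
        return False, "Password incorrect"
    return True, "Welcome"


def login_uniform(username, password):
    """One message for every failure, and the same work on both paths."""
    user = USERS.get(username)
    record = user if user is not None else _DUMMY
    matches = hmac.compare_digest(_hash(password, record["salt"]), record["hash"])
    # The dummy record can never authenticate, even if its password is guessed.
    if user is None or not matches:
        return False, GENERIC_ERROR
    return True, "Welcome"
```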