theory behind login screen of IxDA?

18 Oct 2007 - 1:23pm
24 replies
964 reads
kiran mova
2007

I have a very tough time managing the passwords on the various collaboration
sites, and the list of sites that one has to register with is only
increasing. I registered with IxDA a couple of weeks back and have found the
discussion mails very helpful. I decided to login today and I was afraid I
would have trouble remembering the password.

The login screen that was presented lifted the weight off my grey cells. I
found it extremely intuitive to log in to the site using the userid/email.

Is this the way to go for the new sites (at least for the collaboration
sites)? What are other ways to simplify login screens?

Comments

18 Oct 2007 - 5:45pm
Jeff Howard
2004

Hi Kiran,

The thinking behind the design of the sign-in process was that most
of the people who have registered for the list over the years have no
idea what their Mailman password is. Requiring it would have been a
barrier to adoption. People have too many passwords to remember as it
is and I didn't want to add to the memory burden by having them
create a new one. It's not like this is investment banking or
anything.

The sign-in scheme mainly exists to prevent bots from easily spamming
the list. The original design didn't even require an e-mail
confirmation. It simply accepted whoever you said you were (just as a
wordpress or blogspot blog normally would) as long as it matched the
details of an existing member. That was a little too open for some
people. E-mail discussion lists are inherently insecure regarding
identity but the addition of a one-time confirmation process makes
things seem a little more secure without being too onerous.

That said, something like 95% of the people who use the website
don't bother to sign in at all.

// jeff

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Posted from the new ixda.org
http://gamma.ixda.org/discuss?post=21648

18 Oct 2007 - 6:54pm
Loren Baxter
2007

The login is fantastic for ease of use - except that I sometimes find
myself typing a username into field one, and then a password into
field two, thus failing to log in :) old habits die hard.

I've always wondered what the security considerations were with the
authentication. Everybody's credentials are immediately accessible:
if I want to be Jeff Howard I just type the name and the email (which
is conveniently listed just below). Have you run into problems with
this? Are there other measures taken to prevent "identity theft?"


18 Oct 2007 - 7:07pm
AlokJain
2006

I just tried that :-) Got a message that since I have not used this
computer to login before with that Name and Email, an email is sent
(my apologies to the person who would have got it).

It's an interesting approach and will be interesting to see how it
works out.

But one question, if the authentication is based on the machine being
used to login, why have two fields and not just email address?

Regards
AJ

On Oct 18, 2007, at 4:54 PM, Loren Baxter wrote:

> The login is fantastic for ease of use - except that I sometimes find
> myself typing a username into field one, and then a password into
> field two, thus failing to log in :) old habits die hard.
>
> I've always wondered what the security considerations were with the
> authentication. Everybody's credentials are immediately accessible:
> if I want to be Jeff Howard I just type the name and the email (which
> is conveniently listed just below). Have you run into problems with
> this? Are there other measures taken to prevent "identity theft?"

18 Oct 2007 - 8:47pm
Josh Seiden
2003

So that we can refer to one another by our names :)

Josh

On 10/18/07, Alok Jain <alok.ajain1 at gmail.com> wrote:

>
> But one question, if the authentication is based on the machine being
> used to login, why have two fields and not just email address?

18 Oct 2007 - 8:54pm
Jeff Howard
2004

Hi Loren,

That's the security concern that prompted the confirmation step.
When you confirm your account for the first time, it associates an IP
address with your profile and stores a cookie on your browser. An
imposter would need to have access to one of those two credentials to
sign in as you (as Alok demonstrated).

The two-field requirement was originally so bots couldn't just throw
addresses against the login... they'd need to at least match up the
right name with the right address. That's probably not that hard,
and with the new measures it's no longer necessary, except as
security theater (two fields are more secure than one).

But if you were going to go to the trouble of impersonating someone
it'd be easier just to use e-mail itself. Programs like Apple Mail
put no restrictions on what you declare as a name or address for your
outgoing e-mail.

// jeff


18 Oct 2007 - 10:06pm
SemanticWill
2007

Wow - Jeff invoked Bruce Schneier on IxDA.
http://www.schneier.com/blog/archives/2007/01/in_praise_of_se.html
I must be hallucinating. In a parallel universe -- IxDA people
actually care about Crypto and security in the context of usable systems :-)
just kidding of course. We don't spend any time on this list discussing
security, authority and trust in the context of IxD. Perhaps we should!

~ will

"Where you innovate, how you innovate,
and what you innovate are design problems"
-------------------------------------------------------
will evans
user experience architect
wkevans4 at gmail.com
-------------------------------------------------------

19 Oct 2007 - 12:30pm
Christopher Fahey
2005

> The login screen that was presented, lifted the weight off my grey cells.
> I found it extremely intuitive to login to the site using the userid/email.

I have the opposite view: I have no idea how to log in to the IxDA
site, and think it's one of the most awkward login screens I've ever
seen. The first ten times I tried to login I either bailed or failed
for one reason or another.

Let me walk through my thoughts when looking at the sign-in form: It
definitely "Made me Think":

... Signing in with my "Name"? I've never seen that before. What the
heck is my "name"? cfahey? cf? chris.fahey? Christopher Fahey? Chris
Fahey? Caps sensitive? With spaces?... What is the authentication
here? It doesn't say on the form, and I do *not* want to read all
that little grey text. I am not confident that this is a secure
system... How do I find out what name I initially used to sign in? Is
there a "forgot name" link? Where is the password part, is that on
another screen? How will it know that the person I claim to be is the
same person who posts to the list by email?... I sign in using
multiple computers and/or clear my cookies/caches fairly frequently,
will I have to go through all of this over and over again every time
I want to use the site?... Dude, where is the login form!...

I just now tried to log in, and it worked (apparently it remembers
me), but I am still generally reluctant to visit the web site at all
because I fear that it will forget me and I'll get all confused by
the form again. This is why I stick with the email list.

For almost every web site that I use, the login pattern fits one of
three basic models (none of which match IxDA's approach):

1) I know my username and password, and I type them in.
2) I use the site so often that I've asked my browser to remember the
password.
3) I forgot the password, so I use the "forgot password" feature to
get me in.

Despite the fact that web sites generally think they're so important
to their users that users will remember their passwords, I actually
use mode #3 almost every single day on one site or another. (I would
guess that this is an extremely common login method for lots of
people, I wonder why it's not more formalized).

I don't see the big deal of just having an email/password + "remember
my password" system. Maybe then more than 5% of visitors would log in.

-Cf

Christopher Fahey
____________________________
Behavior
biz: http://www.behaviordesign.com
me: http://www.graphpaper.com

20 Oct 2007 - 6:48pm
Jeff Howard
2004

Hi Christopher,

Thanks for the feedback. That sort of think-aloud is helpful for
seeing the process through your eyes. I'm glad that it finally
worked for you and I'm sorry that it wasn't a little easier. I'd
be curious to hear the details of some of the failed attempts if you
remember.

Also, it'd be helpful to know whether others have had similar
problems signing in to the site. Here's the link:
http://gamma.ixda.org/signin.php

Feel free to post your experiences here or send comments via e-mail
to feedback at ixda dot org. I'm particularly interested in the
people who reflexively enter passwords of some kind (this slip seems
to be a little more common). Do people actually remember their
Mailman passwords? Or is it some other random password that isn't
associated with IxDA?

// jeff


21 Oct 2007 - 2:46am
Min Lin
2007

This is a very interesting topic. The first time I tried to log in, I felt a
little bit confused too. It certainly is a kind of new paradigm for login.
Thank you Jeff for explaining the rationale behind it. I am still curious
about why the email field does not take the password as well. That is, a
person can put in either the email address or the password to log in. After
noticing that some people would put their passwords (if they remember) into
the second field no matter what it would be labeled, I think it would be
helpful to accept both as valid entry instead of asking people to think
about what to put in.

Min

22 Oct 2007 - 1:35pm
Dave Philbin
2005

Just as a data point, I never even tried to login to the website,
because I was scared off by the term 'login'. I knew I had no idea
what my mailman password was, so I wouldn't be able to log in.
It wasn't until this thread, and learning that I didn't need that
password that I was able to use the site as a poster.


22 Oct 2007 - 2:41pm
Dave Malouf
2005

What word/phrase/attribution would communicate this better?

To baseline this, we are saying ... "Identify yourself", right? So
what label would work that wouldn't be as scary yet still
communicate that there is a "process"?

-- dave


22 Oct 2007 - 4:30pm
Jeff Howard
2004

As far as I know the term "login" doesn't appear anywhere on the
gamma or beta sites.

I've always found "signing in" to be the better metaphor for
community sites. Small detail maybe but logging in seems to be too
CS, too system-centric. To me, signing in evokes entry to a social
space. For instance, signing the guest book at an art opening or a
wedding or signing in at the front desk when entering a building or
office.

To answer Min's question, the mailing list passwords are
auto-generated by a separate system (Mailman) and stored in a way
that's impossible to use for authentication on this website. That
was one constraint that drove the design. With the passwords wrapped
up in a black box, how could we grandfather existing members into the
new site without asking them to register for a new account?

The sign-in page says "If you're receiving the discussion list then
you already have an account; just use your subscription details to
sign in." But you have to go there to see that it's not asking for
a password.

// jeff


22 Oct 2007 - 5:26pm
beril guvendik
2006

On 10/22/07, Beril Guvendik <berilguvendik at gmail.com> wrote:

I am actually curious why there isn't any real password protection to sign in to the IXDA discussions area.

The identification required to "sign in" is pretty straightforward and easy to guess. Call me old fashioned, but I am actually not comfortable with the fact that it's extremely easy for anyone to be able to sign in as me and fill out my profile information, upload an avatar or, worse, post as me without me even noticing.

Beril

22 Oct 2007 - 7:08pm
Jeff Howard
2004

The security of the IxDA discussion list is built on the goodwill of
the membership. We consent not to impersonate each other not because
it's impossible, or even difficult, but simply because there's no
incentive to act otherwise.

No public mailing list is actually secure. Anyone can post as any
other member directly from e-mail. Think about it... how do you know
that I'm actually Jeff Howard? I'm posting from e-mail now, but when
I set up my Apple mail preferences no one checked my birth
certificate to see whether I was telling the truth. I could just as
easily have chosen to go by Beril, or Alok, or Dave, or Lin, or Will,
or Christopher. Same thing with my e-mail address. Apple mail
believes whatever I tell it. In fact, I regularly switch my identity
between howardesign.com, ixda.org and Gmail addresses, depending on
the message.

Requiring passwords for the website would be like installing bars on
the windows of a house while leaving the front door standing ajar.

That said, the website requires members to confirm receipt of a
verification message before it lets them into their account for the
first time. No one could easily sign in as you and fill out your
profile, upload an avatar or post unless they had access to your
Gmail account or to your computer.

I could do a better job communicating how the sign-in system works up
front, but I'm fascinated that the same standards of security aren't
expected of the e-mail channel.

// jeff

On Oct 22, 2007, at 3:25 PM, Beril Guvendik wrote:

> I am actually curious why there isn't any real password protection
> to sign in to the IXDA discussions area.

22 Oct 2007 - 7:17pm
Christian Crumlish
2006

On 10/22/07, Jeff Howard <id at howardesign.com> wrote:
>
> I could do a better job communicating how the sign-in system works up
> front, but I'm fascinated that the same standards of security aren't
> expected of the e-mail channel.
>

Context is king.

-x-

24 Oct 2007 - 12:32am
kiran mova
2007

Hi Jeff, and all.

It has been very interesting to hear different views on this topic. I am
working on designing the login panel for a community site, whose security
context is similar to ixda:

>The security of the IxDA discussion list is built on the goodwill of
>the membership. We consent not to impersonate each other not because
>it's impossible, or even difficult, but simply because there's no
>incentive to act otherwise.

And if I follow the same authentication mechanism as ixda of verifying the
machine IP (the first time a different machine is used, send a verification mail
to the user)...

How about prompting only for the email?

(User can always go back to the last email received from the discussion list and
there is no need to remember what name was entered. The first time a user
logs in, I could ask for a name and it can be edited later through account
settings.)

Thanks
Kiran

On 10/22/07, Christian Crumlish <xian at pobox.com> wrote:
>
> On 10/22/07, Jeff Howard <id at howardesign.com> wrote:
> >
> > I could do a better job communicating how the sign-in system works up
> > front, but I'm fascinated that the same standards of security aren't
> > expected of the e-mail channel.
> >
>
> Context is king.
>
> -x-

24 Oct 2007 - 10:31am
Kivi Shapiro
2007

Jeff makes a good point about how easy it is to send email
under someone else's name. I think people don't really
think about it: after all, a username and password are
needed to *receive* email, so it doesn't occur to them that
the ability to *send* email would be any less secure. So
there's a certain amount of securitiness involved.

If the goal is to match the web interface model to the email
model, and that does seem a reasonable goal, then
replicating that securitiness mightn't be a bad idea.

So I'd suggest having a standard e-mail address/password
screen. Use Secure HTTP, so whatever people happen to type
in the password field doesn't get sent over the Internet in
plain text. But then? Ignore what they put in the password
field, and go by the e-mail address alone.

Kivi

Kivi Shapiro
Interaction Designer
Qualicom Innovations Inc.
416 790-3044

24 Oct 2007 - 11:52am
Alexander Baxevanis
2007

On 10/24/07, Kivi Shapiro <kivi.shapiro at qualicom.com> wrote:
> Jeff makes a good point about how easy it is to send email
> under someone else's name. I think people don't really
> think about it: after all, a username and password are
> needed to *receive* email, so it doesn't occur to them that
> the ability to *send* email would be any less secure. So
> there's a certain amount of securitiness involved.

Actually, this is not the case. E-mails with a forged "From:" address
can frequently be detected and dropped by today's spam filters.
Basically, owners of domains are able to specify that valid e-mails
from a domain (e.g. @gmail.com) can only originate from specific IP
addresses (e.g. Gmail's mail servers). And many ISPs now require
authentication for sending as well (although sometimes this is handled
automatically by e-mail software and you don't need to enter your
login details twice).

If you're interested in the technicalities, take a look here:
http://en.wikipedia.org/wiki/E-mail_authentication

> So I'd suggest having a standard e-mail address/password
> screen. Use Secure HTTP, so whatever people happen to type
> in the password field doesn't get sent over the Internet in
> plain text. But then? Ignore what they put in the password
> field, and go by the e-mail address alone.

Deliberately misleading users about security issues does not amount to
good usability, IMHO.

Regards,

Alex

24 Oct 2007 - 12:43pm
Dave Malouf
2005

Alex, excellent point, however, Gmail does not send through my private
smtp server. It COULD! but it doesn't. So when I use GMAIL as my
front end for my private email, by your reckoning it should spam
filter out, no?

I don't think I'm alone in my use of Gmail as my primary front end
for email these days. Damn! the spam filtering (now that's ironic)
alone is worth the whole lack of a thick client.

Let's say for a second that we want a "secure" system in play. The
question is how to add security without getting in the way OR by
communicating enough value in the security that being in the way is a
feature and not a nuisance.

Throwing MORE security at something to me is not really a viable
answer.

Considering the lack of security I'm amazed that in 4 years of this
list there has never been a complaint about abuse. Hmmmm?

-- dave

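The sender-policy check Alex describes, and Dave's Gmail-as-front-end case, can be seen in a few lines. The following is an added example, not code from the list or from ixda.org: a domain owner publishes the networks that may send mail for the domain, and the receiving server compares the connecting IP against that list. It is a simplified model of SPF (the real record lives in DNS, is evaluated against the envelope sender and HELO name, and has include/redirect mechanisms and a softfail result; matching the visible "From:" header to that result is what DMARC adds). All domains, networks and sessions below are constructed, and `with_relay` shows what Dave's domain owner would have to do so that mail relayed through a webmail provider passes:

```python
"""Simplified sender-policy (SPF-style) check. Constructed example; real SPF
records are DNS TXT records and are evaluated against the SMTP envelope sender."""
import ipaddress
from email.utils import parseaddr

# Constructed stand-in for published SPF records: domain -> networks that may send for it.
SENDER_POLICY = {
    "example.org": ["192.0.2.0/24", "2001:db8::/32"],
    "example.net": [],  # the domain states that no host sends mail for it
}


def sender_domain(mail_from):
    """Extract the lower-cased domain from an address like 'Alice <alice@example.org>'."""
    _, addr = parseaddr(mail_from)
    return addr.rpartition("@")[2].lower()


def spf_verdict(mail_from, client_ip, policies=SENDER_POLICY):
    """'pass', 'fail', or 'none' (domain publishes no policy), mirroring SPF result names."""
    domain = sender_domain(mail_from)
    allowed = policies.get(domain)
    if not domain or allowed is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    # ip_network.__contains__ returns False across IP versions, so mixing v4/v6 is safe.
    if any(ip in ipaddress.ip_network(net) for net in allowed):
        return "pass"
    return "fail"


def with_relay(policies, domain, network):
    """Return a copy of the policies where `domain` also authorizes `network`,
    e.g. a domain owner listing the webmail provider they actually send through."""
    updated = {d: list(nets) for d, nets in policies.items()}
    updated.setdefault(domain, []).append(network)
    return updated


# Constructed SMTP sessions: (envelope sender, IP that connected to our mail server).
SAMPLE_SESSIONS = [
    ("alice@example.org", "192.0.2.25"),    # sent via example.org's own relay
    ("alice@example.org", "198.51.100.7"),  # sender forged on an unrelated host
    ("alice@example.org", "203.0.113.40"),  # relayed through a webmail provider example.org never listed
    ("carol@example.com", "198.51.100.7"),  # example.com publishes no policy at all
]


def triage(sessions, policies=SENDER_POLICY):
    """Attach a verdict to each session; a receiver would drop or flag the 'fail' ones."""
    return [(sender, ip, spf_verdict(sender, ip, policies)) for sender, ip in sessions]


if __name__ == "__main__":
    for sender, ip, verdict in triage(SAMPLE_SESSIONS):
        print(f"{verdict:5} {sender} from {ip}")
    relaxed = with_relay(SENDER_POLICY, "example.org", "203.0.113.0/24")
    print("after listing the webmail relay:", spf_verdict("alice@example.org", "203.0.113.40", relaxed))
```

The third session is Dave's situation: mail for a private domain sent through a provider's servers fails the domain's own policy until the domain owner adds that provider's networks to the record, which is exactly what the `with_relay` step models.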

24 Oct 2007 - 6:10pm
Jeff Howard
2004

I've noticed that recruiters tend to do this. See Ron Hart and Mary
King both posting as Eric Manke, Alan Johnson and someone named Neelu
both posting as "Holly", and Arela Rosenthal posting as Brook Wyant.

They're not exactly trying to hide their behavior. Probably just
using someone else's computer in the office, but if they didn't
sign their messages you'd never know. Job postings are a special
class of message where (in most cases) the name of the recruiter
doesn't lend credibility one way or the other like it would if they
were using a more established member's account as a sock-puppet.

// jeff


24 Oct 2007 - 10:43pm
Esteban Barahona
2006

I now only use the web front-end in this mailing list (unless I'm
posting a new thread, which I don't know how to do on the
gamma.ixda.org interface)... it's a preference for real web
communities instead of everything-over-email.

I get the sign-in form the first time (liking that it uses my real
name); but my second thought was "how insecure".

However with minor changes it can be great:
1) add a "signing from a public computer" box, forget the IP after
the session
2) add an option to authorize-deauthorize IPs*
3) make cookies that never sign-out on certain computers, so that a
dynamic IP is not an issue.

*and delete all posts made from a deauthorized IP... but I think
deleting posts (IMO, a must-have feature for forums) is not possible
on ixda.org

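Jeff's description of the sign-in flow (18 Oct, 8:54pm: name and email must match a member, a one-time confirmation mail on first use, after which a remembered IP address or a browser cookie stands in for a password) and Esteban's three proposed changes above can be modelled together. The code below is an added example written for this thread, not the ixda.org code, and it assumes things the thread does not state: that the member directory is keyed on subscription e-mail with a display name, that names match case-insensitively, and that the site stores only a hash of each issued cookie. The member list, IPs and tokens are constructed. `public_machine` is Esteban's item 1 (remember nothing after the session), `deauthorize_ip` is item 2, and the cookie path is item 3 (a cookie keeps working when a dynamic IP changes):

```python
"""Model of a name+email sign-in with first-time e-mail confirmation, where a
confirmed IP address or a browser cookie later replaces a password.
Constructed example; not the ixda.org implementation."""
import hashlib
import secrets
from dataclasses import dataclass, field

# Constructed member directory standing in for the Mailman subscriber list
# (assumption: accounts are keyed on subscription e-mail plus display name).
MEMBERS = {
    "alice@example.org": "Alice Example",
    "bob@example.org": "Bob Example",
}


@dataclass
class Account:
    email: str
    trusted_ips: set = field(default_factory=set)   # IPs confirmed by e-mail
    cookie_ids: set = field(default_factory=set)    # SHA-256 of issued cookie secrets
    pending: dict = field(default_factory=dict)     # token -> (ip, public_machine)


def _cookie_id(secret):
    # Store only a hash, so a copied database does not yield usable cookies.
    return hashlib.sha256(secret.encode()).hexdigest()


class SignInService:
    def __init__(self, members):
        self.members = members
        self.accounts = {email: Account(email) for email in members}
        self.outbox = []  # (email, token) confirmation mails the site "sent"

    def sign_in(self, name, email, ip, cookie=None, public_machine=False):
        """Return (status, cookie); status is 'ok', 'confirm_sent' or 'rejected'."""
        acct = self.accounts.get(email)
        # Both fields must match the directory (case-insensitive name: an assumption).
        if acct is None or self.members[email].casefold() != name.strip().casefold():
            return "rejected", None
        # Credential 1: a cookie issued by an earlier confirmed sign-in (survives IP changes).
        if cookie is not None and _cookie_id(cookie) in acct.cookie_ids:
            return "ok", cookie
        # Credential 2: an IP confirmed earlier. Weak on its own: shared NAT and
        # dynamic addresses mean an IP is not one person, which is why the cookie exists.
        if ip in acct.trusted_ips:
            return "ok", None if public_machine else self._issue_cookie(acct)
        # Neither credential: mail a one-time token to the member's own mailbox,
        # so an impostor who only knows name and address gets nowhere.
        token = secrets.token_urlsafe(16)
        acct.pending[token] = (ip, public_machine)
        self.outbox.append((email, token))
        return "confirm_sent", None

    def confirm(self, email, token):
        """The member followed the link in the confirmation mail."""
        acct = self.accounts.get(email)
        if acct is None or token not in acct.pending:
            return "rejected", None
        ip, public_machine = acct.pending.pop(token)
        if public_machine:
            return "ok", None  # session only: remember neither the IP nor a cookie
        acct.trusted_ips.add(ip)
        return "ok", self._issue_cookie(acct)

    def deauthorize_ip(self, email, ip):
        """Revoke a trusted IP; later sign-ins from it must confirm again."""
        acct = self.accounts[email]
        acct.trusted_ips.discard(ip)
        return ip not in acct.trusted_ips

    def _issue_cookie(self, acct):
        secret = secrets.token_urlsafe(32)
        acct.cookie_ids.add(_cookie_id(secret))
        return secret


if __name__ == "__main__":
    svc = SignInService(MEMBERS)
    print(svc.sign_in("Alice Example", "alice@example.org", "203.0.113.5"))  # confirm_sent
    email, token = svc.outbox[-1]
    status, cookie = svc.confirm(email, token)
    print(status, "cookie issued:", cookie is not None)
    print(svc.sign_in("Alice Example", "alice@example.org", "198.51.100.9", cookie=cookie))  # ok
```

A real deployment would also expire pending tokens and cookies, and would rate-limit confirmation mails so that repeated sign-in attempts cannot flood a member's inbox; both are left out here to keep the flow readable.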

25 Oct 2007 - 9:38pm
James W. Bond Jr.
2007

I actually really like the login and find it a lot easier than most of
the other discussion boards I belong to.

However I haven't been able to figure out how to start a new topic
after two days of poking around! On other boards this is often
reversed!


26 Oct 2007 - 8:00am
Dave Malouf
2005

The only way to start a new topic is via email. discuss at ixda.org

-- dave


27 Oct 2007 - 1:00pm
James W. Bond Jr.
2007

Thanks Dave

