Posted to uk.d-i-y
Mike Barnes[_2_]
; TOT; Piggin passwords

John Rumm wrote:
> On 10/02/2016 16:42, Mike Barnes wrote:
>> John Rumm wrote:
>>> On 10/02/2016 07:41, Mike Barnes wrote:
>>>> Jonno wrote:
>>>>> Apparently Tesco are expecting online shoppers to remember parts of
>>>>> their passwords, like the 1st, 4th, 5th and 8th letters/digits.
>>>>> Brilliant, the person who told me had to write out the password and
>>>>> pick out the digits they required. So much for security.
>>>>
>>>> Those would be so much easier, if they presented a "fill in the blanks"
>>>> form rather than telling us the digit positions.
>>>>
>>>> E.g. instead of presenting us with something like this, where ?
>>>> represents an input field:
>>>>
>>>> Enter the 1st, 4th, 5th and 8th characters: ? ? ? ?
>>>>
>>>> they could present us with:
>>>>
>>>> Enter the requested characters: ? - - ? ? - - ?
>>>>
>>>> But that would require a level of user focus that seems to be lacking in
>>>> the current generation of software designers.
>>>
>>> It would also be poorer security, since it discloses the length of the
>>> secret word.
>>
>> How does it do that? In the example above the length could be anything
>> from eight upwards.
>
> So I am sat there looking at the post-it note on the side of your screen
> with a number of random words scribbled on it... I note only one of them
> is 8 or more characters long.

No you don't, but if you did, so what? Both methods tell you that the
length is eight or more, so there's no difference in the amount of
information divulged. But there's a considerable difference in
usability, because one method requires you to count and spell at the
same time, and the other doesn't.

--
Mike Barnes
Cheshire, England