Password protection is a key link in the registration process, especially for the high level of account security sites, especially in the account is stolen or involved in security issues such as the problem, password protection as the user identification information, to log on through the account abnormal login (such as password stolen, the account was sealed, etc.) and other authority certification. Recently did the project to find that there are many details of the problem, seriously affected the user experience, summed up the following key factors, to discuss with you.
First, security
The most critical factor in setting password protection issues is security, so it requires only registered users to provide the correct answer, not easy to be guessed by others or by the machine cracked. At design time you can refer to the following factors:
- The answer is not to ask the user frequently used information, so as to prevent others through inquiries or investigation and easy access. (For example: Your nickname, birthday, ID number, phone number, address, pet's name, etc.)
- The problem is best related to the privacy of the user and has a profound memory.
Let's take a look at the comparison of the following examples to see that questions 1 and 2 are better than questions 3 and 4:
- What was your dream career when you were a kid?
- Your first boyfriend (girlfriend) 's birthday?
- Your mother's name?
- What's the back four digits of your cell phone number?
Ii. Certainty
- Ask the question only, don't give multiple questions at the same time.
To QQ registration page For example, there is a question is "your school number (or work number) is?" "It is very confusing, for those who only study number or work number of the user is OK, for two of the users have the answer is very confusing, it is possible that they are registered to enter a random, in the back when you can recall the original fill in the number?" I guess the designers would think that the students who have the number is the student, with the work of the workers, the two conditions are mutually exclusive, so only two choose one. In fact, the situation is not so simple, to me for example, registered QQ when I was a student, is now working. Retrieve the password may have forgotten the time of the school number, or some people are working students, also have the number and work number, or he turned several times, changed n jobs, there may be more than one study number or work number ... In short, the two issues are not mutually exclusive or even overlapping in many cases. This information represents the source of the article Web teaching webjx.com please go to www.webjx.com Browse!
Figure 1 QQ Registration page
2. The question is not ambiguous.
For "My best friend's birthday". "Best friend" has a lot of qualifications, a person may not have more than one of the best friends, perhaps the first two years of friends after a few years has become a relationship with a very light friend. This is not the case, but also on the basis of the price plus "birthday" This condition involves a lot of formats (this will be mentioned below), is undoubtedly to add insult to the user.
Third, invariance
Don't let the answer to the question be variable, or it can lead to multiple possible answers:
- Don't let users define their own format
For example, the above mentioned "birthday" format there are many kinds: 1982/09/08; September 8, 1982 (day); 1982-09-08, etc. My suggestion is that if there is a problem, the form that is filled out in the answer should correspond to the system-defined format, not just an input box.
- Problem contains content that stays the same for a long time
For example, "Your mobile phone number of the post 6" and other issues, some people will often change mobile phone number, for those who do not often change the mobile phone number of people, the mobile phone is stolen Ah, changed the location and other external conditions will also have the effect of the change number. So it's not recommended as an option; "The back 6 of your ID card" will be much better than the former. Add this information web teaching network (webjx.com) to release the purpose is to prevent you from becoming lazy! Webjx.com not advocating collection!
- The answer should not be abbreviated or abbreviated.
For example, "Your university Graduate School" Such questions, the answer will be diverse, to "Northwestern Polytechnical University" as an example, there will be "Northwestern University" "Northwest Work Big" "Nwpu" and so on, the question to "you graduated from the University of the full name?" "Just a lot better."
Four, easy to remember
A good answer needs to be easily remembered by the user, ideally, the user will be able to see the password prompt immediately after the answer, and do not need to check some of the information around or try to recall. Like, "What's My driver's license number?" "(Anyway I don't know, do you?) )
In addition, do not ask the information of childhood, after all, since now so long time. For example: "What is your favorite primary school teacher's name?" Wait
V. Other details
- In fact, some password hint problem does not apply to everyone (such as "My car brand?") "And there are a lot of flaws, so I suggest that designers should provide more questions for the user to choose from, such as Figure 1 provides 2-3 forms, each containing 15 questions, after selecting the first question, the latter two forms can automatically clear the selected option.
- Do not allow users to customize protection issues. Although this function looks very user-friendly, but the user is very afraid of trouble, if there is a suitable problem, why do you have to input it? (Don ' makes me think). And look at the above example to know that the set up a good problem is not easy, such things are left to the designer to do it.
3. The problem avoids the mention of color, because each person's perception of color is different, especially for color-blind users.
Finally, I would like to say that password protection is mainly to help users find their own ID, if this process is too cumbersome but will affect the operation, when to use, and how to control the recovery process, it is necessary to assess the early, only in the determination of the use of the time to consider how to design, do not too tangled up the details of the problem. See this information that the text is published through the Web Teaching (webjx.com), please do not delete!
Reference documents:
- ^ Garry. "Designing good Security Questions". Retrieved on 2008-01-30.
- ^ Chris Baker. "Securityquestion difficulties" . Retrieved on 2008-01-30.