Subject:
|
Re: PW validation (was: Re: Opinions wanted: article rating harmful?)
|
Newsgroups:
|
lugnet.admin.general
|
Date:
|
Mon, 24 Apr 2000 04:05:50 GMT
|
Highlighted:
|
(details)
|
Viewed:
|
3321 times
|
| |
|
|
In lugnet.admin.general, John Matthews writes:
> I can't believe that Larry posted this twice (accident maybe, maybe not).
It was an accident and I would appreciate the first one being cancelled. There
is a difference in phrasing of less than 1% between the first and second, but
it's crucial.
> I am with Larry on this one. This is a problem that requires a simple
> solution. Please do not confuse simple with simplistic. It is a
> complicated problem; the solution, while perhaps complicated in it's
> synthesis, needs to be simple. Listen to Larry, he will guide you toward
> the light!
I appreciate the support but I don't actually agree with John. At least not
when he says this is a complicated problem.
Let me put my cards on the table here. I would claim I know as much about what
Lugnet is intended to be as anyone else who is peering in from the outside can.
Certainly Todd knows more, but I claim I know as much as anyone possibly can
that doesn't know what Todd knows but hasn't shared with us. (for perfectly
valid reasons, mind you)
Further,
- I have been here from the beginning
- I have read the plan
- I have a fair bit of experience in evaluating requirements from rather
sketchy information, as well as a fair bit of experience in estimating
development effort both before the fact based on those same sketchy
requirements, and after the fact by observing developers who sometimes want to
hide how much effort they put out.
So my professional judgement of what is required, based on the evidence
available to me is that... this is NOT a complex problem. This site (based on
the requirements that are public knowledge) does not need or deserve elaborate
security measures for the casual user. And that's what 99% of us are. Casual
users visiting a hobbyist site.
What is being discussed is more elaborate security than 99+% of commercial
sites have. And I'm arguing from authority. After all, I build these for a
living. Some sites I have been involved in building move millions of dollars a
day.
It's not justifiable from a development effort perspective.
It's not justifiable from a user interface perspective.
Now, as I always say, Todd's gold, Todd makes the rules, Todd can do what he
wants.
But if you want me to shut up about this you either have to flat out say
"shut up" to me *and* everyone else, or you have to convince me differently.
Nothing in the requirements visible to me can justify a need for this elaborate
security. Multiple layers of passwords? I just don't see the benefits being
worth the cost.
Just ignoring me isn't going to get me to shut up, Todd.
Why am I raising such a big stink? Because human factors matter. They matter a
lot, and they are more important than just about anything else. The human
factors here now aren't as good as they could be. Preferences and passwords are
broken. A robust design for them is not hard to come up with (go look at
Yahoo, for example... it is fast and unobtrusive, it reprompts you for the
same password in areas where you wouldn't want a casual visitor to your
machine to have access to) but won't be achieved by fiddling around the edges
one feature at a time, it needs to be realised by a holistic approach that
takes the vision in the plan and turns it into concrete requirements that can
be implemented in a staged way.
Keep fiddling and you'll get a patchwork and you'll do a lot of backing and
filling, way more than you have to. Iterative design and development is the way
to go but there has to be more than a vague vision for the iteration beyond the
next, or patches on top of kludges is what you'll get.
Larry Pieniazek
System Architect, Project Manager, Estimator, General Nuisance and proud of
it...
|
|
Message is in Reply To:
309 Messages in This Thread:
(Inline display suppressed due to large size. Click Dots below to view.)
- Entire Thread on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
|
|
|
|
