Comments
-
@Alice when trying to login. “You’ve entered AirChecker69’s password, not yours. Yours is ‘fluffykittens’.”
-
@Alice Well.. UX > security. The users might even be grateful for reminding them what their password is so that they don’t have to click on “forgot password” and receive it via email in plain text. 🤷🏻‍♂️
-
Google stopped giving a generic error message and displaying different "invalid username" "invalid password" because there are too many ways to check if a username/email address is already registered; in many web apps it's possible at registration ("this user already exists").
-
@sbiewald True, I’ve noticed some other large players using that as well. Indeed some other ways to check it. But they all have strong security measures for account signins etc. Will probably switch over when I’ve added some extra security measures.
-
@Alice I haven't heard that one before
@BertMaurau as for UX vs Security. There's a fine line and the "UX" guy usually wins that war, you can disclose that "something was invalid" but the email/username can be validated anyway.
For credential errors on login forms..
Do you guys follow the “OWASP standard” and not let the user know which field (email or password) was incorrect, just a general message, or the more UX-way and let them know that it is for example the password that doesn’t match with given email (if it exists)?
Had a minor “discussion” about this with our sales-guy this afternoon about why I’m (as the full-stack, and only, developer there) not that much of a fan of the UX-way.. (even though ‘security’ is a “myth”).
rant
forms
ux
errors
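The two approaches from the rant side by side, as an added example that is not code from any poster in this thread: a login that names the failing field, and one that returns a single generic message and still runs a password hash for unknown emails so the work done is the same in both cases. The user store, function names and messages are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

GENERIC_ERROR = "Invalid email or password."
_ITERATIONS = 100_000  # assumption: kept low so the example runs quickly


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _ITERATIONS)


def make_user(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt)}


# Constructed sample user store (hypothetical account).
USERS = {"alice@example.com": make_user("fluffykittens")}

# Throwaway record: unknown emails are checked against it so they cost
# the same hash computation as a known email with a wrong password.
_DUMMY = make_user(os.urandom(16).hex())


def login_verbose(email: str, password: str):
    """The 'UX way': the message reveals which field was wrong."""
    user = USERS.get(email)
    if user is None:
        return False, "No account with that email."
    if not hmac.compare_digest(_hash(password, user["salt"]), user["hash"]):
        return False, "Wrong password."
    return True, "Welcome back."


def login_generic(email: str, password: str):
    """One message for every failure, same hashing work either way."""
    user = USERS.get(email)
    record = user if user is not None else _DUMMY
    ok = hmac.compare_digest(_hash(password, record["salt"]), record["hash"])
    if user is None or not ok:
        return False, GENERIC_ERROR
    return True, "Welcome back."


def distinguishable(login, known: str, unknown: str) -> bool:
    """True if a failed login tells registered and unregistered emails apart."""
    return login(known, "wrong-guess") != login(unknown, "wrong-guess")
```

As one commenter points out, the generic message only helps if registration and password reset give equally uniform responses; otherwise account existence can be checked there instead.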