Collaborate Disseminate
In the olden days most computer displays involved a coaxial lead attached to a cathode ray tube. This functioned as a radio transmitter of what was displayed on the screen. I understood the response to the security risk this posed was to… Continue reading Is there a good case of passwords to be hidden on the screen to the extent it is? [closed]
I have been looking around at various encryption schemes, and I haven’t found anything exactly like what I want in terms of user experience.
If what I want isn’t a thing, I assume it’s been thought of, but other approaches won out. So can … Continue reading Why doesn’t file/folder encryption work the way I imagine it should? Can I have the UX I want? Tell me what’s wrong with this idea
Heat pumps are taking the world by storm, and for good reason. Not only are they many times more efficient than electric heaters, but they can also be used to …read more Continue reading Heat Pump Control That Works
Many of us grew up watching Star Trek, marvelling at the beautiful colorful interfaces on the computers that ran the Starship Enterprise. Today’s computer interfaces have certainly grown fancier since …read more Continue reading Sci Fi UI Made Easy With Arwes
Often when I am signing into web sites, I am prompted for credentials in two steps. First, they ask me to enter my email address. I type it in and click a button. Then they ask me for my password. I type it in and click a button. (Sometime… Continue reading Is there a security-related motivation for prompting me for my email address, and then my email and password?
In most common web applications that support multi-factor authentication the user is first prompted for their username and password, and only after a successful first authentication the user is prompted for their TOTP token.
Why is that? A… Continue reading Why not prompt for password and TOTP simultaneously? [duplicate]
Suppose we have a site that has public and private areas. The private areas require login.
For example "www.site.com/about" is publicly accessible. But "www.site.com/message_inbox" requires authorization (valid login)…. Continue reading Redirect to login page if authorization required — security flaw?
When I type a password somewhere, I see placeholders (black dots) in place of characters. But sometimes, there is also a toggle button to view the password like in a regular input field (typically an icon with the shape of an eye, or a tex… Continue reading Why do some password fields allow users to see what they type while others do not?
Security-minded UX designer here.
Some user interfaces reveal the number of characters in the UI for entering a second-factor security code. Is there risk in doing it this way?
How much more secure is it to use a more basic input type?
… Continue reading is it ok to reveal number of digits in a muti-factor code input screen?
Some applications tend to hide completely the user associated email address or just showing a part of it (e.g. f***o@foo.com) in the user’s personal settings. Other applications don’t mind showing the full email address.
What are the secur… Continue reading User associated email address viewable in it’s personal settings