I did a study trying to find out what problems undergraduate information management and computer science students had with passwords, by beefing up the system logs to record all password submissions on a web-based examination ap and then me interpreting them without help from the people who made the mistake (ie. I could have categorised them wrong).
Here's what I say I found: about 15 percent of password problems (when a password submitted at a password prompt is incorrect) are typing related. The vast bulk of errors were to do with having too many passwords - see below. So, the proposed solutions could help a bit, but won't tackle the main problem.
|
Problem
type |
Proportion |
Description of
problem |
|
Expired
Pwd |
37% |
Using an expired password
instead of the currently valid one. |
|
Substitution |
15% |
Using some password like
sequence of characters instead of the currently valid
password. |
|
Enter |
9% |
Pressing Enter before
typing a password – no password was entered in the login
attempt |
|
Omission |
6% |
Omitting a necessary
character from an otherwise correct password |
|
Addition |
5% |
Having an unnecessary
character in an otherwise correct password |
|
Partial
Recall |
5% |
Recalling part of a
password, but not the rest of it |
|
Distribution |
4% |
A
problem occurred during the initial distribution of the account
details |
|
System
Error |
3% |
A
malfunction in the password mechanism |
|
Replacement |
2% |
Having incorrect
characters in an otherwise correct password |
|
Blend |
1% |
Mixing parts of passwords
together |
|
Capitalisation |
1% |
Using the wrong
capitalisation in all or part of a password |
|
Userid |
1% |
Entering the username
instead of the password |
Sacha
>
-----Original Message-----
> From: bj@altern.org [mailto:bj@altern.org]
> Sent: 19 January 2004
00:45
> To: kde-usability@kde.org
> Subject: Allowing No Hide mode
in passwords
>
>
> Hello !
>
> First post to this
list :-). As maintainer of KGpg, a user
> told me he was
> using
long passwords, and that it was hard to tell if he made
> a
mistake
> because currently KPasswordDialog only displays
>
************** when you type
> a password. He would like to be able to
actually see the
> password he is
> typing.
>
> I think
this could be a usability enhancement (for example
> for people
that
> have problem with typing)
>