How to make potential hackers happy
Error messages spotted today on a login page (not all at the same time, obviously, just with different tries):
Invalid user name
Invalid password
User account was deleted
I'm sure the developer/designer meant well...
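To make the difference concrete, here is an added example (not code from the login page in question): a handler that reproduces the three messages above next to one that returns a single generic failure. The account store, function names, generic message text and PBKDF2 parameters are all assumptions made for the illustration.

```python
import hashlib
import hmac
import os

GENERIC_ERROR = "Invalid user name or password"  # assumed wording

def _hash(password, salt):
    # Iteration count is a demo value, not a recommendation.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

def _make_user(password, deleted=False):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "deleted": deleted}

# Constructed sample accounts for the demonstration.
USERS = {
    "alice": _make_user("correct horse"),
    "bob": _make_user("hunter2", deleted=True),
}
# Placeholder record so a lookup miss still costs one hash computation.
_DUMMY = _make_user("placeholder")

def login_leaky(username, password):
    """Each failure gets its own message, as on the page described above."""
    user = USERS.get(username)
    if user is None:
        return False, "Invalid user name"
    if user["deleted"]:
        return False, "User account was deleted"
    if not hmac.compare_digest(_hash(password, user["salt"]), user["hash"]):
        return False, "Invalid password"
    return True, "OK"

def login_uniform(username, password):
    """Same checks, but every failure returns the same message."""
    user = USERS.get(username)
    record = user or _DUMMY
    # Always hash and compare, so unknown and known names do the same work.
    password_ok = hmac.compare_digest(_hash(password, record["salt"]), record["hash"])
    if user is not None and not user["deleted"] and password_ok:
        return True, "OK"
    return False, GENERIC_ERROR

def distinct_failure_messages(login):
    """Regression check: how many different failure texts can a caller see?"""
    probes = [("nobody", "x"), ("alice", "x"), ("bob", "x")]
    return {login(u, p)[1] for u, p in probes}
```

The specific reason for a failure can still be written to the server-side log; it just stays out of the response.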
Comments
Yeah, maybe that is giving out too much information (especially the last case), but it sure does a lot for usability. Since I use different username and password combinations around the net, and maybe I can't remember the username for a particular site, if I know I've at least got the username right I don't have to resort to "reset my password" or other methods that take forever.
Is it wrong to give out a little more information than necessary for an improved user experience? Maybe it is, but try telling the user that.
Posted by: Ryan G | January 25, 2006 02:14 AM
If the intention is security, then yah, giving out information about valid/invalid usernames is an unnecessary risk.
Posted by: kasia | January 25, 2006 09:32 AM