



Andrew Gwozdziewycz

"The password you have entered for this email address is incorrect." would be the best move because it's informative but doesn't tell you anything about the data. In other words, with the message "This email address does not exist in our system" you're giving an attacker too much information. So while I agree that messages should be more informative, any clue as to which piece of login data is wrong is just a sign on your door that says, "ooh, you can make progress easily if you attack it."

Byrne Reese

I still think you are giving people too much information by even confirming the email address is a valid one. People can then easily use your system a) in a dictionary attack against your account, or b) as a way for spammers to validate email addresses.

This is a tricky problem though, and one that is not easily solved by language and copy alone...
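To make the two comments above concrete, here is an added example (not code from the blog or from either commenter) contrasting the leaky login message Andrew describes with a uniform-failure login that also addresses Byrne's point: the server never confirms whether an email address is registered, either through its wording or through how long it takes to answer. The user store, salts, passwords and PBKDF2 work factor are all constructed for the demonstration.

```python
"""Uniform-failure login check, as discussed in the comments above.

Added example, not the blog's or the commenters' code. The user table,
salts, passwords and iteration count below are constructed values.
"""
import hashlib
import hmac

ITERATIONS = 100_000  # PBKDF2 work factor; constructed for the example


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a fixed-length key from a password with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed user store: email -> (salt, derived key)
_SALT_A = b"constructed-salt-a"
USERS = {
    "alice@example.com": (_SALT_A, hash_password("correct horse battery staple", _SALT_A)),
}

# A dummy credential that is verified whenever the email is unknown, so the
# unknown-email path and the wrong-password path do the same amount of work.
_DUMMY_SALT = b"constructed-dummy-salt"
_DUMMY_HASH = hash_password("not-a-real-password", _DUMMY_SALT)

GENERIC_FAILURE = "The email address or password you entered is incorrect."


def login_verbose(email: str, password: str) -> tuple[bool, str]:
    """The leaky variant the commenters argue against: the message reveals
    whether the email is registered, so the form doubles as an account and
    email-address oracle."""
    record = USERS.get(email)
    if record is None:
        return False, "This email address does not exist in our system."
    salt, expected = record
    if not hmac.compare_digest(hash_password(password, salt), expected):
        return False, "The password you have entered for this email address is incorrect."
    return True, "Welcome back."


def login_uniform(email: str, password: str) -> tuple[bool, str]:
    """Hardened variant: one message for every failure, and the same hashing
    work whether or not the email exists, so neither the text nor the
    response time says which half of the credential was wrong."""
    record = USERS.get(email)
    if record is None:
        # Burn the same PBKDF2 cost against the dummy record, then fail.
        hmac.compare_digest(hash_password(password, _DUMMY_SALT), _DUMMY_HASH)
        return False, GENERIC_FAILURE
    salt, expected = record
    if not hmac.compare_digest(hash_password(password, salt), expected):
        return False, GENERIC_FAILURE
    return True, "Welcome back."


def messages_distinguish_accounts(login) -> bool:
    """True if the failure message alone tells a registered email apart from
    an unregistered one; the check a reviewer would run against a login form."""
    _, known = login("alice@example.com", "wrong-password")
    _, unknown = login("nobody@example.com", "wrong-password")
    return known != unknown


if __name__ == "__main__":
    print("verbose leaks account existence:", messages_distinguish_accounts(login_verbose))
    print("uniform leaks account existence:", messages_distinguish_accounts(login_uniform))
```

The dummy-hash step matters as much as the wording: if the unknown-email branch returned immediately while the known-email branch ran PBKDF2, the response time would leak what the message no longer says. The same uniform-response rule applies to password-reset and signup forms, and rate limiting on failed attempts is the usual companion control against the dictionary attack Byrne mentions.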


I don't have anything substantive to add, but really just wanted to try out commenting.

Jim Ramsey

You guys are right, of course. Security does need to trump usability sometimes.

Jim Ramsey

Thanks for your honesty Anil :)





