[Cryptography] Cost of remembering a password
Jerry Leichter
leichter at lrw.com
Sat Aug 16 15:34:24 EDT 2014
On Aug 16, 2014, at 7:35 AM, Steve Furlong <demonfighter at gmail.com> wrote:
> Cost of remembering a password or of using a CAPTCHA: borne by the users
>
> Cost of designing and building around passwords and CAPTCHAs: borne by the development team
>
> I've known a bunch of web app developers who would prefer to make things better. Maybe on their after-hours projects they do. On the commercial and government web sites I've worked on, the designers may or may not be open to new ideas, but the managers are all "hurry hurry no time gotta get the release out NOW!!!"
>
> Even if you could come up with something better that took no extra development time or other cost, half of the designers and managers would still reject it, hiding their incomprehension behind "I don't think our users will like that".
It's quite possible that, indeed, their users would *not* like it.
It's also quite possible, in this litigious world, that some novel approach would be seen as "not up to best industry standards". Going along with the crowd may not give you the best possible result, but it does tend to bring iwht it a certain degree of safety.
-- Jerry
More information about the cryptography
mailing list