Limiting password length sucks…

…but inconsistency sucks even more. Check out the American Express login form:

I'd like to use my usual password.

I'd like to use my usual password.

When you sign up for web access, password length is limited to 7 characters, which is a quite bad design decision in itself. What if I have a scheme to generate 10-character long passwords? Why on Earth can’t I use it?!

But this particular system sucks even more: in the log in form, the password length is not limited. Once I forget that this particular web site does not accept passwords of my usual length, I won’t be able to log in anymore: I’ll keep trying my regular password technique again and again, and it will fail over and over. If you limit the password length you should at least do it consistently, so if I enter a longer password when registering and have some characters thrown away, it would be nice for the log in form to do the same. This way your strange idea of limiting the password length would at least be transparent to me.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: