|
Specifically responding to your update:
I wish it was that easy. I work at the customer service level of a financial business that recently implemented "build your own" style security questions. The form is as self-explanatory as can be...
Password Reset Security Question {input element}
Password Reset Answer {input element}
This just confuses the hell out of users. I have to walk an average of one person per day through the process, and thoroughly explain that "here you can type out your own question, which will be shown to you when you request a password reset. Below, you put in the answer to that question." This is a basic concept to those of us who have experience in site development and high-level security concepts... but to the average user, it's mind boggling. In some cases, I even end up recommending that the user leaves those fields blank (in that case, they simply cannot self-initiate a password reset, and must call or come in to one of our offices. It's more work for us, but doesn't add a security risk). There are plenty of people who are far too impatient to even attempt to figure it out, and for them, I'm glad our situation has a workaround for the concept.
This isn't to say that the concept needs reworking. Security questions as they are typically implemented are appallingly insecure, and depend on essentially public data. This is bad, and needs to be addressed by the industry at large. On that, we are completely agreed.
|
|
|
|
|
joequincy wrote: This just confuses... users
This is just a UI/UX problem caused by a web page designer who thought he was limited to a 4 word label. He could have just as easily labeled those fields with:
"Please write a question that only you know the answer to."
followed by
"Now write the answer to that question."
I can't imagine verbage like this would stymie the average loser user. Please, joequincy, I beg you: don't let complaints from your colleagues about extra work from the "build your own questions" implementation motivate your institution to retract that strategy. IT IS THE RIGHT STRATEGY. Just get the web devs to implement it in the RIGHT WAY.
If I can influence one institution to do the right thing in this regard, I will have fulfilled one of my life's goals.
|
|
|
|
|
You mean please type a question, or else it will get written on a "post-it notes"!
|
|
|
|
|
|
*before i read all replies*
I've used a few websites which offer selection of questions to chose from, also ones where you can input your own question. (online banking i think)
|
|
|
|
|
I have one standard answer for when I can't specify the prompt and one standard prompt/answer for when I can specify the prompt.
Of the latter, I did have to answer it on the phone once.
Unfortunately, my wife doesn't understand the security implications so she always answers with the "real" answers.
|
|
|
|
|
|
|
|
Hmm, the topic seems to ring a bell. The Insider News - CodeProject[^]
"the debugger doesn't tell me anything because this code compiles just fine" - random QA comment
"Facebook is where you tell lies to your friends. Twitter is where you tell the truth to strangers." - chriselst
"I don't drink any more... then again, I don't drink any less." - Mike Mullikins uncle
|
|
|
|
|
It was in the Daily News this morning as well.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
|
|
|
|
|
That's because MS payed way to much for nothing...
Skipper: We'll fix it.
Alex: Fix it? How you gonna fix this?
Skipper: Grit, spit and a whole lotta duct tape.
|
|
|
|
|
I admit I can't see any logic to it: LinkedIn does seem to be the breeding grounds for the world's dumbest recruitment agencies rather than anything particularly usable. Lot of money for just all our personal details...maybe I should close my account...
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
|
|
|
|
|
My first thought was also to close it...
I actually maintained my account to see some proposals, but only contractors made connection...
I just can't imagine what MS will do with it...
Skipper: We'll fix it.
Alex: Fix it? How you gonna fix this?
Skipper: Grit, spit and a whole lotta duct tape.
|
|
|
|
|
Keeping an eye on your personal info!
Shuvro
|
|
|
|
|
May be blow up the whistle too!
Shuvro
|
|
|
|
|
Hmm.
Now would be a good time to set up inlinked.com, to take over, after ms has screwed up linkedin.
We'd better be quick, though. The ms screw-up velocity* had been increasing geometrically.
* "velocity" means speed in a particular direction**
** "Particular direction", in this case, means very much the wrong one.
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|
|
Well thought
Shuvro
|
|
|
|
|
No, but I bet we're going to see plenty of advertisements by MSFT; advertisements targeting rival technologies. I am starting to think this is genius, but 26 billion for a junky HR website seem excessive.
|
|
|
|
|
And we will probably see Google, Oracle, Amazon, and Intel all change their HR policy so that employees must delete their LinkedIn accounts as a condition to hiring. Once LinkedIn is aquired, Microsoft will be able to easily index who works for who which will give them an unfair advantage in head-hunting skilled professionals and tracking what skill sets are getting hired the most. They can gauge the direction the industry is moving based off hiring today and not future revenue reports allowing them to position Microsoft ahead of the curve, at least that's the way I see it.
if (Object.DividedByZero == true) { Universe.Implode(); }
Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
|
|
|
|
|
At first I figured that it was just an exercise in learning what went on behind the scenes, and that the layout designer would be introduced in chapter 10. But...
Xamarin Forms are all hand cranked XML or C# runtime code? No visual designer at all?
Have I been transported back to pre-Visual Studio days?
XAML is verbose, cumbersome, and prone to errors - so a designer that lets you do the "donkey work" a-la WPF is a must, isn't it? But no. I know it's a lot of work to do from scratch, but surely MS can rework the WPF designer for the job? You want this taken up as mainstream (and I can see why it might be a damn good idea) you have to provide suitable tools, not a half-assed syntactic highlighter for notepad!
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
|
|
|
|
|
Actually, doing ASP.Net web forms, I never work in the designer. I do everything in source. But for learning a new tool, a visual designer would be very important.
There are only 10 types of people in the world, those who understand binary and those who don't.
|
|
|
|
|
Not just for learning: throw the basics together in the designer so they all have the right attributes to work together, then tidy up and customize in the source. Or (if the designer is as good as WinForms) say "sod the source" and let the designer do the donkey work!
I thought the idea of XAML was that visual designers did the XAML via tools, and the developer coded the stuff that does the work behind the scenes? Since most visual designers couldn't code their way out of a paper bag and most developers appear to be colour blind (and believe that 50 controls to the square inch is a good average) that makes a lot of sense.
But expecting visual designers (who can't reliably tie their own shoelaces but will have excellent taste in shoes) to work with raw XAML is daft.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
|
|
|
|
|
Maybe you can hire a programmer via LinkedIn to develop a designer for you.
".45 ACP - because shooting twice is just silly" - JSOP, 2010
- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010
- When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013
|
|
|
|
|
Now Griff, you're generalizing, designers are to hip to own shoes with laces.
It takes some time to learn both the presentation and logic layers of WPF. I can now build the visuals of an entire app in XAML or from code behind but the later takes a lot more typing though. And as for being color blind, I received a lot of flak for putting too much color in business applications so grays are all they get now.
if (Object.DividedByZero == true) { Universe.Implode(); }
Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
|
|
|
|