This article is published in our developer blog, but it’s equally important for merchants and all Internet users. The title is from Jeff Atwood’s CODING HORROR – programming and human factors blog. Jeff is a web developer and the co-founder of the Stack Exchange network of Q&A sites. In his blog he has already written 203 (!) articles about passwords, which is why he starts his 203rd article with:
I’m a little tired of writing about passwords. But like taxes, email, and pinkeye, they’re not going away any time soon. Here’s what I know to be true, and backed up by plenty of empirical data:
- No matter what you tell them, users will always choose simple passwords.
- No matter what you tell them, users will re-use the same password over and over on multiple devices, apps, and websites. If you are lucky they might use a couple passwords instead of the same one.
What can we do about this as developers?
- Stop requiring passwords altogether, and let people log in with Google, Facebook, Twitter, Yahoo, or any other valid form of Internet driver’s license that you’re comfortable supporting. The best password is one you don’t have to store.
Please continue to read the rest of his article and please take this subject very seriously, both as a developer and user.
(Picture Courtesy of Yuri Samoilov)
