Most web sites that require a login of username and password return an ambiguous error message when login is invalid.
The common message is: "Invalid username / OR password."
Well, which was it?
It's very easy for the program to give you more specific information. Here's what happens when you log in:
The program searches the database for a record containing that username AND password. If no record is found, then the login is invalid. Most programs just spit out the message "Invalid username OR password" because one of those 2 was the culprit. (Actually, both inputs could have been wrong.)
To clarify the matter, the program only needs to do an additional call to the database, looking for a record of the username.
If it finds a record with that username, then it knows that the password was wrong.
If it does not find a record with that username, then both the name and password were wrong.
Then the system could return a specific response.
For examples of LAZY programming / ambiguous response, see Yahoo and Hotmail. (Hotmail screen is atop this post, here is Yahoo)
Google does a better job on this, by giving the message "Username and password do not match." (It then displays the name you entered.)
But it's easy to offer 2 specific responses when login is invalid.
1. If both the name and password are wrong: "There is no record of a xxxxxxx"
2. If there is a user of that name: "The password you entered does not match..."
The only reason to withhold those details is as a privacy measure. Since most usernames are now equal to an email address, if any person in the world wanted to know if a given email address was a member of a given site, he could enter it and a random password, and then receive a yes or no.
In that light, the Google method is tops.
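The trade-off above, as an added example that is not code from any of the sites mentioned: the same login check returns either the two specific responses or a single uniform one, and `reveals_membership` tests whether a wrong-password attempt tells a stranger that an address is registered. The table layout, the message wording, the sample account and the use of salted PBKDF2 hashes (instead of matching the password in the query) are assumptions of this sketch.

```python
import hashlib, hmac, os, sqlite3

GENERIC = "Username and password do not match."  # one message for every failure

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Dummy credentials: hashing still runs when the username is unknown.
_DUMMY_SALT = b"\x00" * 16
_DUMMY_HASH = _hash("placeholder", _DUMMY_SALT)

def make_db(users):
    """Build an in-memory users table from a {username: password} dict (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw BLOB)")
    for name, password in users.items():
        salt = os.urandom(16)
        db.execute("INSERT INTO users VALUES (?, ?, ?)",
                   (name, salt, _hash(password, salt)))
    return db

def login(db, username, password, specific=False):
    """Return (ok, message). specific=True gives the two detailed responses."""
    row = db.execute("SELECT salt, pw FROM users WHERE username = ?",
                     (username,)).fetchone()
    salt, stored = row if row else (_DUMMY_SALT, _DUMMY_HASH)
    matches = hmac.compare_digest(_hash(password, salt), stored)
    if row is not None and matches:
        return True, "Welcome, " + username
    if not specific:
        return False, GENERIC
    if row is None:
        return False, "There is no record of " + username
    return False, "Wrong password for " + username

def reveals_membership(db, registered, unregistered, specific):
    """True if failed logins word their answer differently for the two names."""
    a = login(db, registered, "wrong-guess", specific)[1].replace(registered, "")
    b = login(db, unregistered, "wrong-guess", specific)[1].replace(unregistered, "")
    return a != b

if __name__ == "__main__":
    db = make_db({"alice@example.com": "correct horse"})  # constructed account
    for mode in (True, False):
        print("specific =", mode, "-> leaks membership:",
              reveals_membership(db, "alice@example.com", "bob@example.com", mode))
```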
But anyway, here are 2 screens from a system I made: