Apply the same reasoning for the entire Internet, and you'll have
countless different user experiences just for typing in a username
and password. There is some common pattern almost universally
adopted, such as the presence of two text boxes for username
and password, but that is pretty much it. The result is that
if there's no regular pattern, the user is trained not to search for
one. The user loses his capability of being surprised. There are
no visual clues in the credential-gathering experience warning
the user that a certain page "has something wrong." This is one
of the key loopholes in today's e-commerce practice that makes
phishing so successful.
We have seen how certificates and token-based technologies do
a better job at handling identity than shared secret techniques
such as passwords. From the interaction point of view, however,
they may end up being more challenging to use for humans.
There is no common visual entry point for handling nonpassword
credentials; here we actually have a tower of Babel of solutions.
Very often, hard tokens and smartcards have their own drivers,
which must be installed explicitly. This is due to the nature of
the devices themselves and is an issue that can be mitigated but
probably not completely banished.