Questions tagged [ux]

UX: user experience. Related to, and influenced by, UI (user interface).

7 questions
30 votes, 6 answers

Is it insecure to display the number of characters when users enter a new passphrase?

When users are entering a new passphrase somewhere, it's helpful to provide feedback on the number of characters received by the system. In a user experience (UX) test I just ran, my user created a passphrase in her password manager, and then…
colan
6 votes, 1 answer

Security with non-expiring sessions

Sessions expire differently on different places on the web: StackOverflow: never expires Twitter: never expires Facebook: never expires Stripe: expires after like 30 min or an hour or so Some bank websites: expire after 15 minutes of…
Lance
3 votes, 0 answers

Security vs. User Experience – can this Process still be considered to provide proper End-to-End-Encryption?

I am banging my head about this for a while now and would appreciate opinions/different views. tl;dr There is a system that aims to provide full end-to-end encryption for information (text messages, blobs) exchanged through it. At the moment, users…
asp_net
3 votes, 3 answers

Would this approach allow secure, typo-forgiving password handling?

Years back I voiced an opinion that making password handling forgiving, by accepting perhaps a single wrong character, would cost entropy but would not be leaving the barn door open; an additional entropic character or two should (I thought) be…
Christos Hayward
2 votes, 1 answer

Two factor authentication: Why ask for password first?

Every website that I came across that uses two-factor authentication asks the user for their password first. Then, after a correct password was entered, an SMS or an e-mail is sent that contains another code you have to enter in order to actually…
kay
1 vote, 3 answers

Why do web browsers provide websites with plain text passwords?

Suppose I sign up for website.com with username "John" and password "Secret". Currently the web browser supplies website.com with my real plain text password, and we must trust them to salt and hash it properly so that if they are hacked, damage to…
William
0 votes, 0 answers

Would a mechanism for a same-password separate admin account solve the problem of UAC bypasses in Windows?

The standard role-separation mechanism in Windows for a local administrator is to have a single account, but protect it using UAC, and configure it for Always Notify if increased security is desired. Unfortunately, this mechanism perpetually is…
Sad IT admin