Questions tagged [user-interface]
The user-interface tag has no summary.
43 questions
9 votes
3 answers
2k views
Overlap for One-Time Passwords
I've got multiple OTP managers on my telephone. All of them seem to work with a constant timeout on the one-time passwords that are generated. For instance, the Microsoft authenticator works using a 6-...
0 votes
1 answer
124 views
Is there a good case of passwords to be hidden on the screen to the extent it is? [closed]
In the olden days most computer displays involved a coaxial lead attached to a cathode ray tube. This functioned as a radio transmitter of what was displayed on the screen. I understood the response ...
0 votes
0 answers
128 views
Why doesn't file/folder encryption work the way I imagine it should? Can I have the UX I want? Tell me what's wrong with this idea
I have been looking around at various encryption schemes, and I haven't found anything exactly like what I want in terms of user experience. If what I want isn't a thing, I assume it's been thought of,...
1 vote
1 answer
120 views
Is there a security-related motivation for prompting me for my email address, and then my email and password?
Often when I am signing into web sites, I am prompted for credentials in two steps. First, they ask me to enter my email address. I type it in and click a button. Then they ask me for my password. I ...
25 votes
9 answers
9k views
Redirect to login page if authorization required -- security flaw?
Suppose we have a site that has public and private areas. The private areas require login. For example "www.site.com/about" is publicly accessible. But "www.site.com/message_inbox"...
3 votes
2 answers
1k views
Why do some password fields allow users to see what they type while others do not?
When I type a password somewhere, I see placeholders (black dots) in place of characters. But sometimes, there is also a toggle button to view the password like in a regular input field (typically an ...
0 votes
2 answers
150 views
Is it OK to reveal number of digits in a multi-factor code input screen?
Security-minded UX designer here. Some user interfaces reveal the number of characters in the UI for entering a second-factor security code. Is there risk in doing it this way? How much more secure is ...
0 votes
1 answer
116 views
User associated email address viewable in its personal settings
Some applications tend to hide completely the user associated email address or just showing a part of it (e.g. f***[email protected]) in the user's personal settings. Other applications don't mind showing the ...
0 votes
1 answer
358 views
For failed logins, what information should be given to users?
When a user fails to successfully login, what information should be given back to them? Normally, we post back "Account not found" or "Incorrect password" or "Incorrect ...
2 votes
3 answers
2k views
Is it safe and permissive to remember devices to skip two factor authentication when dealing with sensitive information?
We're a small UK startup building a small service that allows certain special people (e.g. journalists) to access non-public court information. This information includes a ton of private and ...
7 votes
2 answers
334 views
What is the best way to show a (long) number for comparison?
How to represent visually a number (like a key or hash) on a screen for visual comparison with another representation of that number on another screen (or another window) in such way that it would be ...
53 votes
5 answers
10k views
Why do many websites hide input when entering an OTP?
I've noticed that on many sites, when they ask for a one-time password (OTP) (usually sent by SMS), the input is hidden in the same way as a password field is. My understanding is that once an OTP is ...
1 vote
0 answers
103 views
Is it possible to verify that it's safe to enter social media credentials in a given [iOS, Android, Win10] app?
When logging into web sites using federated login, it's easy to verify that the site that I'm entering my credentials into is the site of the identity provider by looking at the address bar and ensuring ...
5 votes
2 answers
609 views
Dealing with violating privacy of registered users during failed authentication
We are forth and back discussing how to deal with privacy issues during failed authentication, password reset and account creation on a web application. Let's say I am in the process of creating an ...
1 vote
1 answer
253 views
Why is TLS for email not pushed aggressively to the users like HTTPS? [closed]
Major browsers like Chrome and Firefox are being more and more aggressive at displaying the security level of websites, for instance warning you when you try to enter passwords on a non-HTTPS website. ...