Pragmatic Designer’s Guide to Identity on the Web
Introductions
A fable
People (are tricky)
Past
Present
Future
Introduction
Usable
Security Systems
YOU?
Identity
Identifiers
Logging in to stuff.
Being logged in to stuff.
Logging out of stuff.
Scylla (Security & technical stuff)
Charybdis (Social stuff)
Odysseus (This talk)
Fable
“Facebook wants to be
 your one true login.”
So what?
Fuzzy
logging in (make fuzzy)
People
are tricky.
They share
computers.
 95% had at least one shared computer
 45% of computers were shared
 (35% single profile / 28% shared profile/ 38% mixed)

 Public vs. private areas
 Short tasks vs. long tasks
They share accounts.
They make up names.


“At the Fieldston School in the Bronx, a class
on Tolstoy resulted in some students adding
Russian patronymics like -ovich and -ovna to
their names.”
           - NY Times
They have multiple
    accounts.

   38% of twitter users
    have 2+ accounts
They reuse passwords.

Average user has ~25 password accounts
Average user types ~8 distinct passwords / day
Average password used ~6 different sites
Correlation between password strength and reuse
They ignore security
    advice. (Rationally.)

Estimated cost of phishing: $90 million.
Estimated cost of following anti-phishing advice:
$15.9 billion.


Opportunity cost of reading all privacy policies:
$781 billion / year.
The past
Login UI
Username or email address?
How do you navigate to the login?
Where is the login in the site?
How is it laid out on the page?
What UI elements do you need to include?
Sign in or log in? (Or login or log on?)
Usernames vs. email addresses (vs. real names)

What you log in with isn’t necessarily what you display to
the user or to other users.

Usernames can be pseudonyms, which can be good and bad.

Usernames are more easily forgotten, email addresses are
more easily lost.

Most systems only support one username, but many support
multiple email addresses.

The bigger you are, the bigger a namespace collision
problem. With email addresses, it’s somebody else’s problem.

Over time, most systems end up with usernames and email
addresses (and real names and pictures).
Almost a Security Slide
 Login on home page vs.
 login on every page vs.
 login on special page

 Sadly, an operations vs. security vs. usability
 tradeoff

 Banks pick every page as they’re all https anyway

 Most other sites pick special page

 Some have https forms but not pages ...
I know what this means. And what this means.
But what does this do?
No checkbox!
Present
An Irreverent History of
     Authentication Weirdness
1. First, there was OpenID, which was a funny way to
   log in with URLs. (Almost) no one used it.
2. Then came mashups, and sites started asking for
   other sites’ passwords. This Was Bad.
3. Then came OAuth ...
Authentication Options

The old-fashioned way
“Logging in” via another service
Implicitly being “logged in” via another
service
Combinations
Multiple options
Control.

Choice (and the paradox of).

Communication.

Access.
Future
“Identity” is an intimate and often contentious
topic. One common refrain that interviewees
mentioned was that people who maintained
multiple online “identities” primarily used them for
deviant purposes. These initial assumptions of
deviance did not match my own findings...

Not only do people have multiple identities for
different public and private spheres, but they may
also conduct a substantial portion of their
interactions, online as well as offline, in different
spheres. The combinations of public, private,
online, and offline are often intermixed.

          - Ben Gross, Online Identifiers in Everyday Life
conclusions
questions?


             James Reffell
             @jreffell
             designcult.org
             james.reffell@gmail.com
References
Identity in general
Online Identifiers in Everyday Life (forthcoming), Ben Gross (http://bengross.com/)

ReadWriteWeb story
Facebook Wants to be Your One True Login, ReadWriteWeb
(http://www.readwriteweb.com/archives/facebook_wants_to_be_your_one_true_login.php)

People are tricky
An Online Alias Keeps Colleges Off Their Trail, NY Times
(http://www.nytimes.com/2010/04/25/fashion/25Noticed.html)

A Large-Scale Study of Web Password Habits, Dinei Florencio & Cormac Herley
(http://research.microsoft.com/apps/pubs/?id=74164)

So Long, And No Thanks for all the Externalities: the Rational Rejection of Security Advice by Users, Cormac Herley
(http://research.microsoft.com/users/cormac/papers/2009/SoLongAndNoThanks.pdf)

The Cost of Reading Privacy Policies, Aleecia M. McDonald & Lorrie Faith Cranor
I/S: A Journal of Law and Policy for the Information Society, 2008 Privacy Year in Review (http://www.is-journal.org/)

How Many Twitter Accounts Do You Have? Techcrunch
(http://techcrunch.com/2008/01/09/how-many-twitter-accounts-do-you-have/)

Family Accounts: A new paradigm for user accounts within the home environment Serge Egelman, A.J. Brush, and Kori
Inkpen (http://research.microsoft.com/apps/pubs/?id=74234)
References
Past
Web Form Design: Filling in the Blanks, Luke Wroblewski (http://www.rosenfeldmedia.com/books/webforms/)

Designing for Social Traction, Joshua Porter (http://bokardo.com/archives/designing-for-social-traction-slide-deck/)

Present
Data Reveals Trends Among Social Media, JanRain
http://blog.janrain.com/2010/04/data-reveals-trends-among-social-media.html

Log in or sign up with OpenID, Leah Culver
(http://blog.leahculver.com/2009/11/log-in-or-sign-up-with-openid.html)

Future
Meebo pushes xAuth.org as solution to social network toolbar clutter problem, Scobleizer
(http://www.youtube.com/watch?v=-UjXswWs7xg)

Facebook and Radical Transparency (a rant), danah boyd
(http://www.zephoria.org/thoughts/archives/2010/05/14/facebook-and-radical-transparency-a-rant.html)

Identity in the Browser (Firefox), Aza Raskin
(http://www.azarask.in/blog/post/identity-in-the-browser-firefox/)

Account Manager Coming to Firefox, Mozilla
(http://hacks.mozilla.org/2010/04/account-manager-coming-to-firefox/)

OpenID Connect
(http://openidconnect.com/)
Creative Commons Credits

phil.d (http://www.flickr.com/photos/phill_dvsn/393952186/)
Joe Shlabotnik (http://www.flickr.com/photos/joeshlabotnik/305410323/)
NicksNotToShabby (http://www.flickr.com/photos/nicksnottoshabby/4558725627/)
ryancr (http://www.flickr.com/photos/ryanr/142455033/)
Jaume d'Urgell (http://www.flickr.com/photos/jaumedurgell/740880616/)
Roger Smith (http://www.flickr.com/photos/rogersmith/3478145163/)
bandita (http://www.flickr.com/photos/cosmic_bandita/2218419160/)
Kansas Sebastian (http://www.flickr.com/photos/kansas_sebastian/4395356552/)
jasohill (http://www.flickr.com/photos/jasohill/3711675312/)
c@rljones (http://www.flickr.com/photos/_belial/414619731/)

Editor's Notes

  1. *How this talk is gonna work* This talk will be a series of stories, with some numbers and bold assertions thrown in for later use. I'll start with a simple story, and get to some more complicated ones later. There will be some time travel involved. I'm going to leave a lot of room for questions. It'll be up on SlideShare later, with my notes and a lot of links to sources. BUT FIRST: I'd like a show of hands. Events seem to be busy happening right now. So, audience: Nitty gritty how to build the perfect login box, or a live Facebook chat?
  2. I'm James, I'm a designer. I live in San Francisco, near the beach.
  3. I worked in e-commerce (eBay) and search (Yahoo). I've done a lot of design pattern work. Now I work at a little startup called Usable Security Systems, where I’ve spent the past year or so thinking a lot about authentication and making user accounts and passwords nicer, which relates to this talk. I'm a designer and I tend to emphasize the user experience and de-emphasize the technology, although there are some technical aspects to this talk which I'll attempt not to screw up.
  4. That's me. Who are you? I wrote this assuming you care about identity because it matters for something you're building, right now or very soon. I think you're also interested in the user experience aspects of identity on the web right now, but maybe a little wary of all the changes that have been happening.
  5. There’s a lot of definitions of identity, even limiting it to online. It covers a lot of ground. Let's narrow down a little, maybe.
  6. Ben Gross: “alphanumeric strings that people and systems employ to differentiate users, objects, devices, and data from one another.” But we can be even more concrete for this talk.
  7. The word “authentication” comes up a lot here. These actions are one of the classic places where users tell websites or applications “who they are” and then the websites say back to them “here’s what you can do”.
  8. Scylla and Charybdis. This talk is Odysseus. It’s really hard to talk about this topic without turning it into a technical or security talk. I value security too much to be doing the talking -- I work with real security folks, and that’s some tricky stuff. On the other side, the social implications of identity are huge. We’ll get into some of them, but I wanted to talk about things that are critical even for applications that aren’t primarily social.
  9. You might know part of this story already. But it’s worth teasing out some of what happened before we start getting into the advice part.
  10. So there’s this blog called ReadWriteWeb.
  11. In February, they wrote an article about some of the stuff we’re going to talk about today. It became very popular!
  12. So popular it became the top result for the search query “facebook login”. Which as it turns out, a lot of people were using as a way to navigate to Facebook. (This is pretty normal, btw. Lots of people use search for navigation.)
  13. So folks looking for this ...
  14. ... instead saw this, and freaked out. Many of those people probably exited and did something else. But some people were convinced this was Facebook -- remember that this was around the time FB was doing some major redesigns and people were feeling a little disoriented anyway. So the dedicated looked for some way to log in.
  15. Which led to this. This is the part you might have seen before. [Read silly comment] Silly users, right?
  16. ... RWW had to post this in the middle of their article ... ... and then it became an internet meme, and other folks started adding parody comments and a bunch of blog posts got written and it became a Thing, briefly.
  17. Lesson that users are stupid? NO. NO. NO. Better lesson: many people out there have a much less good grasp of the concepts we take for granted: URLs, search, websites, browsers, etc. than we expect. This is hard to keep in mind. But there’s something else, too.
  18. Let’s look at those comments again. Notice something. Those are Facebook pictures. And full names (which I’ve blurred). Those users ARE logged into Facebook. They succeeded! Just not in the way they expected. Nor do they realize it. But they are, just the same. (Even better, some of them probably already were.)
  19. And this is why. They saw the words “sign in” and “facebook” and a facebook logo. And they clicked sign in.
  20. Then, assuming they really weren’t logged in to Facebook from the start, they saw something like this. This is a Facebook Connect dialog. It’s asking for Facebook credentials to a. log the person in to FB, and b. allow a limited set of communication between FB and ReadWriteWeb. Enough that RWW can allow a comment, for instance. Now, the fine print has some things to say about connecting and sharing, but really, it looks like a login page. So they log in.
  21. And voila, they can comment! (This is a comment I posted to the thread. Just to feel included.) Now, behind the scenes, they really are logged into Facebook. So, in some sense, they succeeded. If they went to Facebook, they wouldn’t have to re-enter their information.
  22. But they didn’t REALLY succeed, because they probably don’t know that. And, of course, they’ve just tied their Facebook identity, with what is probably their real name, to a comment on a blog they’d never heard of today. And that blog is now an authorized app for their Facebook account. Luckily it’s the nice folks at RWW and not someone sketchy, right?
  23. So what’s going on here? In the words of a wise man, “Strange things are afoot at the circle K.”
  24. Another way of saying it is, identity -- specifically, authentication -- logging into stuff and being logged into stuff and logging out of stuff -- is getting to be a fuzzy concept.
  25. Now, before we talk about that fuzziness, let's talk about the fuzziness which has always been with us. And that's people. People are tricky. So before we get to the time travel, let's talk about how tricky they are. I'm going to throw some numbers and stories at you.
  26. People share computers. We don't always allow for this when we design software, but they do. These numbers come from a Microsoft study of [X number] of homes. They showed that sharing is common, but not universal, and that context of place (where the computer is) and task (long vs short tasks) both affect sharing. Most OS's now have profiles that help a little with this, but not everyone uses them and those that do don't use them every time. It's all very fluid.
  27. People share accounts. That is, multiple people use a single account name or email address and password pair, and do stuff. eBay history -- eBay, of course, has some very large businesses selling on it, and has for some time. But for YEARS, we'd get complaints from account owners, who might have a dozen employees using a single account, and were worried that one disgruntled employee could take down their entire business. I think even now you have to use 3rd party tools to deal with this. Twitter has a similar situation with its corporate accounts. But even outside of business this happens. A friend of mine died recently, but his Facebook profile is still active. Two of his friends share his account and post things in his honor.
  28. NY Times article. A bunch of kids all change their names in Facebook. Why? To be cute, but also to avoid college recruiters, who they are convinced troll FB for information on them during college application season. No idea if they're right or not. More generally, while FB periodically cracks down on fake-seeming names (sometimes catching real people with fake-sounding names in the process), anecdotally name-changing on FB is pretty common. I think it usually happens after the "adding lots of people" phase is over, and folks can rely on familiarity + the profile picture to let their contacts know who's really there. I'd estimate I have about a half-dozen partly or totally masked names on my friends list. And I'm old!
  29. Poll of Techcrunch users (so skewed for audience). But it makes sense ... how many of you guys have more than one twitter account? More than one Gmail account?
  30. Passwords. Wonderful Microsoft Research paper by Dinei Florencio and Cormac Herley. They had a HUGE sample of user data to work with, using a widely installed toolbar. Here's what they found. This stuff really matters for security. This isn't a security talk, but this is a pretty big issue for sites. Though not, necessarily, for users ...
  31. Another MSFT Research paper by Cormac Herley did an economic model of the cost of following certain kinds of security advice versus the possible risks associated with NOT following the advice. He found that in most cases, it is rational for users to ignore many of the most common forms of advice. E.g.: cost of phishing vs. cost of protection from being phished by studying URLs. Similarly, a paper from CMU by Aleecia McDonald and Lorrie Cranor said: "We estimate that reading privacy policies carries costs in time of approximately 201 hours a year, worth about $3,534 annually per American Internet user. Nationally, if Americans were to read online privacy policies word-for-word, we estimate the value of time lost as about $781 billion annually."
  32. So, people? Tricky. It’s not so much that they’re irrational, it’s that their rational behavior is often more complex than the simple boxes our software tries to put them in. So they break out of the boxes, or route around them, or ignore them.
  33. Now, let’s go back in time. Just a little. For a couple of reasons -- one, a lot of folks still need to design in the pre-identity-wackiness world. Two, I’m a big believer in getting the basics right and logging in and out was starting to be what I call a MOSTLY solved problem.
  34. Now we're in the past. Norms are important for designing here. Don't shock the natives. What are norms? The norms I'm talking about are the affordances that people have learned to accept over time. They've formed their expectations around them. These are kind of like design patterns, except design patterns are on purpose, and these aren't always. So, norms. Let's take logging into a site. Simple, yes?
  35. Why are norms powerful? Because if you put this -- blah blahs and all -- on your site, a decent percentage of people would be able to log in. Not everyone, but a lot. (If time, relate SAT story.)
  36. This, though, would trip almost everyone up.
  37. When designing your login system, there’s a bunch of questions you have to ask. Here are some of them.
  38. Narrate this. Use LinkedIn as an example.
  39. You go to the home page, where do you look to sign in? The top. Almost every time. The right, often. I don’t really get putting it in the middle, but some people do that. Top right is a big deal, only things that should be there are sign in, sign up, maybe search and help. So, do this.
  40. This is almost a security slide. Talk to a security professional before making any decisions.
  41. Selection of common sites, real location of their login boxes (on whatever page they have a login box).
  42. That checkbox that everyone has? I hate it. And this is why. There are two common results. Sometimes sites use clear language: “Remember my email on this computer” (which means if you log out or time out, when you log in again the email is filled in -- more common with banks) or “Keep me signed in for X amount of time”. But often they don’t -- they say “Remember me.” Making the difference clear takes a lot of words, and still folks will get the wrong impression because of the prevalence of both types. And the most common phrasing isn’t clear at all. (And this is before, say, Firefox’s password manager asks about remembering in a different way.)
  43. Better to do what LinkedIn does, and have no checkbox. Instead, default to keeping you logged in, and ask again if you do something that needs higher security, like messaging someone. If you’re not dealing with financial or health info, this is probably the best path.
  44. Top 100 US sites vs. UK sites, button language.
  45. Finally, norms don’t have to mean being boring. You can surprise people in good ways which don’t detract from the experience, and surprise them in bad ways which do. Norms are more about getting the details right in many cases -- this login screen from Ravelry is an example of a nice big surprise which adds to the user experience (the awesome illustration) and a tiny nasty surprise which detracts from it (norm of text w/in a text field disappearing on click).
  46. Those are some of the UI issues and UI elements in a login box. Of course, there's more to it -- handling errors, forgotten passwords, and signing in. This book is a good guide to a lot of the nitty gritty issues. If you don't already have a copy, get one.
  47. And signing up? Just check this presentation out. I hope you’ve already seen it. Live it.
  48. This is an intentionally simplified and snarky version of a much more complex reality. No insult intended to the folks who worked hard on various of these technologies. But sometimes, we use snark to cope with complexity.
  49. OAuth, a way of handing over limited stuff from one site to another. When you're in an OAuth flow, it feels like you're using one site to log into another, but it's actually something called "access delegation."
  50. Facebook launches something called Facebook Connect. Not OAuth, but similar in effect. Hugely successful. We saw an example of it with the RWW story. Folks complain that FB Connect isn’t open, and isn’t following the dominant protocol (OAuth). So Facebook launches their Open Graph API, which freaks everybody out. It’s not really open, but it does use OAuth 2.0. Which can look like this ...
  51. But can also look like this. (Story about how I’ve never used Pandora, yet it knows my favorite bands.) This is called Instant Personalization. And this, along with the “Like button everywhere” reflects Facebook’s newer model.
  52. So how are these doing? Janrain, an authentication platform provider, did a study in April. Here’s what they showed.
  53. Also, last fall, Leah Culver showed some numbers for OpenID + OAuth + FB Connect signups to Typepad. (I assume mostly comments, not new Typepad blogs).
  54. Then she showed a breakdown over time -- growth by Twitter and HUGE growth by Facebook.
  55. So what are we left with? TOO MANY OPTIONS. Here’s what you could provide to your users. Let’s talk about how you decide.
  56. The problem with combinations. Generally, if you have to put that much text under a button, something is wrong. (I learned this at eBay.)
  57. The Nascar problem. Coined by Daniel Burka. Not this problem.
  58. This one.
  59. Talk about these a bunch. Control - do you control the information? (Do you want to? Control has risks!) Choice - giving choice (and informed consent) to your users is good -- to a point. Overwhelming them with choices they are not equipped to make (due to lack of knowledge or time) is not good. Communication. Getting the email vs. other paths. Access. Sometimes you just want a lot of users, and access to their stuff.
  60. Some of the future is about solving very practical problems. Explain about XAuth from Meebo. Trying to kill this particular NASCAR problem. Note that some important stuff happens BEFORE authentication.
  61. Talk about identity - in - browser. Concept stuff coming from Mozilla labs. Targeting Firefox 4.0. You can get a plugin now, but it only slightly works. (Account Manager from Firefox)
  62. My product! Usable.com. I should be able to talk about this unprompted, I’ve been designing it for two years...
  63. OpenID built on top of OAuth 2.0. Announced about 30 seconds ago. Wish I knew what the user experience would be like.
  64. “You have one identity… The days of you having a different image for your work friends or co-workers and for the other people you know are probably coming to an end pretty quickly… Having two identities for yourself is an example of a lack of integrity” – Zuckerberg, 2009
  65. This stuff is moving fast. Know your audience -- and unless you’re really sure of them, be conservative and sparing. In a year, this will all look different. But it’s important.
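
Notes 42 and 43 recommend dropping the “remember me” checkbox: keep people signed in by default and ask for the password again only before something sensitive. The session logic behind that pattern is sketched here as an added example, not code from the talk or from LinkedIn; the time limits, the action names and the `Accounts` class are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SESSION_TTL = 30 * 24 * 3600   # assumed: stay signed in for 30 days by default
STEP_UP_WINDOW = 15 * 60       # assumed: password must have been typed within 15 minutes
SENSITIVE = {"send_message", "change_email"}   # hypothetical action names

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Accounts:
    def __init__(self):
        self.users = {}      # email -> (salt, password hash)
        self.sessions = {}   # token -> {"email", "created", "last_auth"}

    def register(self, email, password):
        salt = secrets.token_bytes(16)
        self.users[email] = (salt, _hash(password, salt))

    def _check(self, email, password):
        # Unknown emails still cost one hash and always compare unequal.
        salt, stored = self.users.get(email, (b"\0" * 16, b""))
        return hmac.compare_digest(_hash(password, salt), stored)

    def login(self, email, password, now):
        """No checkbox: every successful login gets a long-lived session."""
        if not self._check(email, password):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = {"email": email, "created": now, "last_auth": now}
        return token

    def reauthenticate(self, token, password, now):
        s = self.sessions.get(token)
        if s is None or not self._check(s["email"], password):
            return False
        s["last_auth"] = now   # reopens the step-up window, not the session lifetime
        return True

    def authorize(self, token, action, now):
        """Return 'ok', 'reauth' (ask for the password again) or 'login'."""
        s = self.sessions.get(token)
        if s is None or now - s["created"] > SESSION_TTL:
            self.sessions.pop(token, None)
            return "login"
        if action in SENSITIVE and now - s["last_auth"] > STEP_UP_WINDOW:
            return "reauth"
        return "ok"
```

The `now` argument is passed in (seconds) so the behaviour can be checked without waiting; a real handler would pass `time.time()`.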