Questions tagged [user-interface]
The user-interface tag has no summary.
43 questions
9 votes, 3 answers, 2k views
Overlap for One-Time Passwords
I've got multiple OTP managers on my telephone. All of them seem to work with a constant timeout on the one-time passwords that are generated. For instance, the Microsoft authenticator works using a 6-...
0 votes, 1 answer, 125 views
Is there a good case of passwords to be hidden on the screen to the extent it is? [closed]
In the olden days most computer displays involved a coaxial lead attached to a cathode ray tube. This functioned as a radio transmitter of what was displayed on the screen. I understood the response ...
0 votes, 0 answers, 128 views
Why doesn't file/folder encryption work the way I imagine it should? Can I have the UX I want? Tell me what's wrong with this idea
I have been looking around at various encryption schemes, and I haven't found anything exactly like what I want in terms of user experience.
If what I want isn't a thing, I assume it's been thought of,...
1 vote, 1 answer, 120 views
Is there a security-related motivation for prompting me for my email address, and then my email and password?
Often when I am signing into web sites, I am prompted for credentials in two steps. First, they ask me to enter my email address. I type it in and click a button. Then they ask me for my password. I ...
25 votes, 9 answers, 9k views
Redirect to login page if authorization required -- security flaw?
Suppose we have a site that has public and private areas. The private areas require login.
For example "www.site.com/about" is publicly accessible. But "www.site.com/message_inbox"...
3 votes, 2 answers, 1k views
Why do some password fields allow users to see what they type while others do not?
When I type a password somewhere, I see placeholders (black dots) in place of characters. But sometimes, there is also a toggle button to view the password like in a regular input field (typically an ...
0 votes, 2 answers, 150 views
Is it ok to reveal number of digits in a multi-factor code input screen?
Security-minded UX designer here.
Some user interfaces reveal the number of characters in the UI for entering a second-factor security code. Is there risk in doing it this way?
How much more secure is ...
0 votes, 1 answer, 116 views
User associated email address viewable in its personal settings
Some applications tend to hide completely the user associated email address or just showing a part of it (e.g. f***[email protected]) in the user's personal settings. Other applications don't mind showing the ...
0 votes, 1 answer, 358 views
For failed logins, what information should be given to users?
When a user fails to successfully login, what information should be given back to them?
Normally, we post back "Account not found" or "Incorrect password" or "Incorrect ...
2 votes, 3 answers, 2k views
Is it safe and permissive to remember devices to skip two factor authentication when dealing with sensitive information?
We're a small UK startup building a small service that allows certain special people (e.g. journalists) to access non-public court information.
This information includes a ton of private and ...
7 votes, 2 answers, 334 views
What is the best way to show a (long) number for comparison?
How to represent visually a number (like a key or hash) on a screen for visual comparison with another representation of that number on another screen (or another window) in such way that it would be ...
53 votes, 5 answers, 10k views
Why do many websites hide input when entering an OTP?
I've noticed that on many sites, when they ask for a one-time password (OTP) (usually sent by SMS), the input is hidden in the same way as a password field is.
My understanding is that once an OTP is ...
1 vote, 0 answers, 103 views
Is it possible to verify that it's safe to enter social media credentials in a given [iOS, Android, Win10] app?
When logging into web sites using federated login, it's easy to verify that the site that I'm entering my credentials into is the site of the identity provider by looking at the address bar and ensuring ...
5 votes, 2 answers, 609 views
Dealing with violating privacy of registered users during failed authentication
We are forth and back discussing how to deal with privacy issues during failed authentication, password reset and account creation on a web application.
Let's say I am in the process of creating an ...
1 vote, 1 answer, 254 views
Why is TLS for email not pushed aggressively to the users like HTTPS? [closed]
Major browsers like Chrome and Firefox are being more and more aggressive at displaying the security level of websites, for instance warning you when you try to enter passwords on a non-HTTPS website.
...